Overview

overview

10

Static

static

1

RNSM00300.7z

windows7-x64

10

Analysis

  • max time kernel
    233s
  • max time network
    360s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-11-2024 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00300.7z

  • Size

    14.0MB

  • MD5

    86ca55c0e02afac41b98fb5bc9ceb5f8

  • SHA1

    7eb1b3676dcee7b3270ee96f38641f212b3e63a9

  • SHA256

    a1b6da5cf5ceff441aaf5b1b3e962d473b185d4b70e1abfefabe859d4bc1fe03

  • SHA512

    b844650254638e4c58deb7740eb1febdae6062300bb704d79486f611766daa9c14f58df6769f553ccf3ce254c8d2ba9bfadfa84908d6951a316752df188b717b

  • SSDEEP

    393216:u0lNP1E1B31eadiqPnfGDG4la4AvHDIubIaVSDoWyq5y:5DPKBFeeffC9a4o8uUYSoWyR

Score
10/10
badrabbitgozilockylocky_lukitusmimikatzteslacrypttroldeshbankerdefense_evasiondiscoveryevasionexecutionimpactpersistenceprivilege_escalationransomwarespywarestealertrojanupx

Malware Config

Extracted

Path

C:\Users\Public\Videos\how_to_decrypt_files.html

Ransom Note
<html> <style type="text/css"> body { background-color: #404040; } { margin: 0; padding: 0; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ width: 800px; display: block; margin: auto; position: relative; } .tabs1 .head{ text-align: center; float: top; text-transform: uppercase; font-weight: normal; display: block; padding: 15px; color: #000000; background: #4A83FD; } .tabs1 .identi { margin-left: 15px; line-height: 13px; font-size: 13px; text-align: center; float: top; display: block; padding: 15px; background: #303030; color: #DFDFDF; } /*---*/ .tabs{ width: 800px; display: block; margin: auto; position: relative; } .tabs .tab{ float: left; display: block; } .tabs .tab>input[type="radio"] { position: absolute; top: -9999px; left: -9999px; } .tabs .tab>label { display: block; padding: 6px 21px; font-size: 18x; text-transform: uppercase; cursor: pointer; position: relative; color: #FFF; background: #4A83FD; } .tabs .content { z-index: 0;/* or display: none; */ overflow: hidden; width: 800px; /*padding: 25px;*/ position: absolute; top: 32px; left: 0; background: #303030; color: #DFDFDF; opacity:0; transition: opacity 400ms ease-out; } .tabs .content .text{ width: 700px; padding: 25px; } .tabs>.tab>[id^="tab"]:checked + label { top: 0; background: #303030; color: #F5F5F5; } .tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] { z-index: 1;/* or display: block; */ opacity: 1; transition: opacity 400ms ease-out; } </style> <head> <meta charset="utf-8"> <title>HOW TO DECRYPT YOUR FILES</title> </head> <body> <div class="tabs1"> <div class="head" ><h3>Your personal ID</h3></div> <div class="identi"> <pre>25 89 98 1C AC 03 EB 87 62 4A 31 7C 0D 61 13 84 F9 A7 74 48 35 13 74 C2 20 71 59 B2 DC F2 0A 50 A8 AE 98 EB 21 65 47 C8 93 4D 3F 63 4A 97 FD FB 55 7F 2A C2 42 5E A3 DB 8C 33 C2 22 31 7A 08 F1 31 93 3A 8B 56 10 24 E4 69 FA AE 7C 6D 68 59 E4 E5 19 75 56 71 65 6E 74 43 2D BF 39 92 44 78 45 9C ED A8 06 FE 86 B7 C5 59 00 A5 28 30 4F AA FC 8C 11 3D 82 B0 56 4B 86 64 AD D7 F3 7B A6 A0 4C A6 D3 9E 49 F3 A0 62 26 D3 F3 22 D3 85 E0 BD 58 4F F7 3B FA DE D1 55 32 F3 D6 9B 22 DE B2 9E DE C8 D3 CD 30 4A F3 2F C1 C6 1E BE 61 E2 CD 15 45 B8 A0 D1 1F 44 99 F0 82 51 DF 47 8C 4B FF 36 39 61 CD 9D 9F C6 B8 18 CE 57 98 04 0C E1 51 20 9B 0A 4D 0B 0F 3E 94 24 E5 31 FF A0 4C C5 55 8A 7B 2F CC A8 FC 7D D9 19 13 6D 2E 1C 20 05 C2 CA AF CD A9 AE 6C C4 EB F4 24 E6 8D 43 48 4C A0 BB 77 </pre><!-- !!! dont changing this !!! --> </div> </div> <!-- --> <div class="tabs"> <!--tab--> <div class="tab"> <input type="radio" name="tabs" checked="checked" id="tab1" /> <label for="tab1">English</label> <div id="tab-content1" class="content"> <h1>&#9760; Your files are encrypted! &#9760;</h1> <hr/> <h3>All your important data has been encrypted.</h3> <br/> <div class="text"> <!--text data --> To recover data you need decryptor.</br> To get the decryptor you should:</br> <p>1) Contact us by e-mail: <span>[email protected]</span> or <span class="mark">[email protected] </span>.</br> * We can decrypt one file (less than 10MB) in quality the evidence that we have the decoder. In the letter include your personal ID (look at the beginning of this document).</p> 2) We will give you the decrypted file and assign the price for decryption all files.</p> 3) Then follow the instructions and you will receive an automatic decryptor + recovery instructions. </br> <p> </p> <center>Attention!</center></br> <ul> <li>Only <span>[email protected]</span> or <span class="mark">[email protected]</span> can decrypt your files</li> <li>Do not attempt to remove the program or run the anti-virus tools</li> <li>Attempts to self-decrypting files will result in the loss of your data</li> <li>Decoders other users are not compatible with your data, because each user's unique encryption key</li> <li>If you can't send a message or don't get an answer longer than 24 hours, try to write with the other e-mail address, for example register mail.india.com </li> </ul> <!--text data --> </div> </div> </div> <!--tab--> </ul> <!--text data --> </div> </div> <!--tab--> </div> </div> </body> </html>
Emails

<span>[email protected]</span>

class="mark">[email protected]

class="mark">[email protected]</span>

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+hhthx.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA4096 More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA4096 Key , both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So , there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1 - http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/5E10E3F8F525605 2 - http://u54bbnhf354fbkh254tbkhjbgy8258gnkwerg.tahaplap.com/5E10E3F8F525605 3 - http://w6bfg4hahn5bfnlsafgchkvg5fwsfvrt.hareuna.at/5E10E3F8F525605 If for some reasons the addresses are not available, follow these steps: 1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2 - After a successful installation, run the browser 3 - Type in the address bar: xlowfznrg4wf7dli.onion/5E10E3F8F525605 4 - Follow the instructions on the site IMPORTANT INFORMATION Your personal pages http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/5E10E3F8F525605 http://u54bbnhf354fbkh254tbkhjbgy8258gnkwerg.tahaplap.com/5E10E3F8F525605 http://w6bfg4hahn5bfnlsafgchkvg5fwsfvrt.hareuna.at/5E10E3F8F525605 Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/5E10E3F8F525605
URLs

http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/5E10E3F8F525605

http://u54bbnhf354fbkh254tbkhjbgy8258gnkwerg.tahaplap.com/5E10E3F8F525605

http://w6bfg4hahn5bfnlsafgchkvg5fwsfvrt.hareuna.at/5E10E3F8F525605

http://xlowfznrg4wf7dli.ONION/5E10E3F8F525605

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+nttno.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/9F2A4996FD94963A 2. http://kkd47eh4hdjshb5t.angortra.at/9F2A4996FD94963A 3. http://ytrest84y5i456hghadefdsd.pontogrot.com/9F2A4996FD94963A If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser 3. Type in the address bar: xlowfznrg4wf7dli.onion/9F2A4996FD94963A 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *-*-* Your personal pages: http://tt54rfdjhb34rfbnknaerg.milerteddy.com/9F2A4996FD94963A http://kkd47eh4hdjshb5t.angortra.at/9F2A4996FD94963A http://ytrest84y5i456hghadefdsd.pontogrot.com/9F2A4996FD94963A *-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/9F2A4996FD94963A
URLs

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/9F2A4996FD94963A

http://kkd47eh4hdjshb5t.angortra.at/9F2A4996FD94963A

http://ytrest84y5i456hghadefdsd.pontogrot.com/9F2A4996FD94963A

http://xlowfznrg4wf7dli.ONION/9F2A4996FD94963A

Extracted

Path

C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\_README_1VZP_.hta

Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>CERBER RANSOMWARE: Instructions</title> <HTA:APPLICATION APPLICATIONNAME="CERBER RANSOMWARE: Instructions" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize"> <style> a { color: #04a; text-decoration: none; } a:hover { text-decoration: underline; } body { background-color: #e7e7e7; color: #222; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size: 13pt; line-height: 19pt; } body, h1 { margin: 0; padding: 0; } hr { color: #bda; height: 2pt; margin: 1.5%; } h1 { color: #555; font-size: 14pt; } ol { padding-left: 2.5%; } ol li { padding-bottom: 13pt; } small { color: #555; font-size: 11pt; } ul { list-style-type: none; margin: 0; padding: 0; } .button { color: #04a; cursor: pointer; } .button:hover { text-decoration: underline; } .container { background-color: #fff; border: 2pt solid #c7c7c7; margin: 2.5%; min-width: 850px; padding: 2.5%; } .header { border-bottom: 2pt solid #c7c7c7; margin-bottom: 2.5%; padding-bottom: 2.5%; } .hr { background: #bda; display: block; height: 2pt; margin-top: 1.5%; margin-bottom: 1.5%; overflow: hidden; width: 100%; } .info { background-color: #efe; border: 2pt solid #bda; display: inline-block; padding: 1.5%; text-align: center; } .updating { color: red; display: none; } #change_language { float: right; } #change_language, #texts div { display: none; } </style> </head> <body> <div class="container"> <div class="header"> <a href="#" id="change_language" onclick="return changeLanguage();" title="English">&#9745; English</a> <h1>CERBER RANSOMWARE</h1> <small id="title">Instructions</small> </div> <div id="languages"> <p>&#9745; Select your language</p> <ul> <li><a href="#" title="English" onclick="return showBlock('en');">English</a></li> <li><a href="#" title="Arabic" onclick="return showBlock('ar');">العربية</a></li> <li><a href="#" title="Chinese" onclick="return showBlock('zh');">中文</a></li> <li><a href="#" title="Dutch" onclick="return showBlock('nl');">Nederlands</a></li> <li><a href="#" title="French" onclick="return showBlock('fr');">Français</a></li> <li><a href="#" title="German" onclick="return showBlock('de');">Deutsch</a></li> <li><a href="#" title="Italian" onclick="return showBlock('it');">Italiano</a></li> <li><a href="#" title="Japanese" onclick="return showBlock('ja');">日本語</a></li> <li><a href="#" title="Korean" onclick="return showBlock('ko');">한국어</a></li> <li><a href="#" title="Polish" onclick="return showBlock('pl');">Polski</a></li> <li><a href="#" title="Portuguese" onclick="return showBlock('pt');">Português</a></li> <li><a href="#" title="Spanish" onclick="return showBlock('es');">Español</a></li> <li><a href="#" title="Turkish" onclick="return showBlock('tr');">Türkçe</a></li> </ul> </div> <div id="texts"> <div id="en"> <p>Can't you find the necessary files?<br>Is the content of your files not readable?</p> <p>It is normal because the files' names and the data in your files have been encrypted by "Cerber&nbsp;Ransomware".</p> <p>It means your files are NOT damaged! Your files are modified only. This modification is reversible.<br>From now it is not possible to use your files until they will be decrypted.</p> <p>The only way to decrypt your files safely is to buy the special decryption software "Cerber&nbsp;Decryptor".</p> <p>Any attempts to restore your files with the third-party software will be fatal for your files!</p> <hr> <p class="w331208">You can proceed with purchasing of the decryption software at your personal page:</p> <p><span class="info"><span class="updating">Please wait...</span><a id="megaurl" class="url" href="http://ffoqr3ug7m726zou.4bzlfh.top/E001-2C56-5AB0-0090-8C1E" target="_blank">http://ffoqr3ug7m726zou.4bzlfh.top/E001-2C56-5AB0-0090-8C1E</a><span class="hr"></span><a href="http://ffoqr3ug7m726zou.kt70uk.top/E001-2C56-5AB0-0090-8C1E" target="_blank">http://ffoqr3ug7m726zou.kt70uk.top/E001-2C56-5AB0-0090-8C1E</a><span class="hr"></span><a href="http://ffoqr3ug7m726zou.onion.to/E001-2C56-5AB0-0090-8C1E" target="_blank">http://ffoqr3ug7m726zou.onion.to/E001-2C56-5AB0-0090-8C1E</a></span></p> <p>If this page cannot be opened &nbsp;<span class="button" onclick="return updateUrl();">click here</span>&nbsp; to generate a new address to your personal page.</p> <p>At this page you will receive the complete instructions how to buy the decryption software for restoring all your files.</p> <p>Also at this page you will be able to restore any one file for free to be sure "Cerber&nbsp;Decryptor" will help you.</p> <hr> <p>If your personal page is not available for a long period there is another way to open your personal page - installation and use of Tor&nbsp;Browser:</p> <ol> <li>run your Internet browser (if you do not know what it is run the Internet&nbsp;Explorer);</li> <li>enter or copy the address <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> into the address bar of your browser and press ENTER;</li> <li>wait for the site loading;</li> <li>on the site you will be offered to download Tor&nbsp;Browser; download and run it, follow the installation instructions, wait until the installation is completed;</li> <li>run Tor&nbsp;Browser;</li> <li>connect with the button "Connect" (if you use the English version);</li> <li>a normal Internet browser window will be opened after the initialization;</li> <li>type or copy the address <br><span class="info">http://ffoqr3ug7m726zou.onion/E001-2C56-5AB0-0090-8C1E</span><br> in this browser address bar;</li> <li>press ENTER;</li> <li>the site should be loaded; if for some reason the site is not loading wait for a moment and try again.</li> </ol> <p>If you have any problems during installation or use of Tor&nbsp;Browser, please, visit <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> and type request in the search bar "Install Tor&nbsp;Browser Windows" and you will find a lot of training videos about Tor&nbsp;Browser installation and use.</p> <hr> <p><strong>Additional information:</strong></p> <p>You will find the instructions ("*.hta") for restoring your files in any folder with your encrypted files.</p> <p>The instructions ("*.hta") in the folders with your encrypted files are not viruses! The instructions ("*.hta") will help you to decrypt your files.</p> <p>Remember! The worst situation already happened and now the future of your files depends on your determination and speed of your actions.</p> </div> <div id="ar" style="direction: rtl;"> <p>لا يمكنك العثور على الملفات الضرورية؟<br>هل محتوى الملفات غير قابل للقراءة؟</p> <p>هذا أمر طبيعي لأن أسماء الملفات والبيانات في الملفات قد تم تشفيرها بواسطة "Cerber&nbsp;Ransomware".</p> <p>وهذا يعني أن الملفات الخاصة بك ليست تالفة! فقد تم تعديل ملفاتك فقط. ويمكن التراجع عن هذا.<br>ومن الآن فإنه لا يكن استخدام الملفات الخاصة بك حتى يتم فك تشفيرها.</p> <p>الطريقة الوحيدة لفك تشفير ملفاتك بأمان هو أن تشتري برنامج فك التشفير المتخصص "Cerber&nbsp;Decryptor".</p> <p>إن أية محاولات لاستعادة الملفات الخاصة بك بواسطة برامج من طرف ثالث سوف تكون مدمرة لملفاتك!</p> <hr> <p>يمكنك الشروع في شراء برنامج فك التشفير من صفحتك الشخصية:</p> <p><span class="info"><span class="updating">أرجو الإنتظار...</span><a class="url" href="http://ffoqr3ug7m726zou.4bzlfh.top/E001-2C56-5AB0-0090-8C1E" target="_blank">http://ffoqr3ug7m726zou.4bzlfh.top/E001-2C56-5AB0-0090-8C1E</a><span class="hr"></span><a href="http://ffoqr3ug7m726zou.kt70uk.top/E001-2C56-5AB0-0090-8C1E" target="_blank">http://ffoqr3ug7m726zou.kt70uk.top/E001-2C56-5AB0-0090-8C1E</a><span class="hr"></span><a href="http://ffoqr3ug7m726zou.onion.to/E001-2C56-5AB0-0090-8C1E" target="_blank">http://ffoqr3ug7m726zou.onion.to/E001-2C56-5AB0-0090-8C1E</a></span></p> <p>في حالة تعذر فتح هذه الصفحة &nbsp;<span class="button" onclick="return updateUrl();">انقر هنا</span>&nbsp; لإنشاء عنوان جديد لصفحتك الشخصية.</p> <p>في هذه الصفحة سوف تتلقى تعليمات كاملة حول كيفية شراء برنامج فك التشفير لاستعادة جميع الملفات الخاصة بك.</p> <p>في هذه الصفحة أيضًا سوف تتمكن من استعادة ملف واحد بشكل مجاني للتأكد من أن "Cerber&nbsp;Decryptor" سوف يساعدك.</p> <hr> <p>إذا كانت صفحتك الشخصية غير متاحة لفترة طويلة فإن ثمّة طريقة أخرى لفتح صفحتك الشخصية - تحميل واستخدام متصفح Tor:</p> <ol> <li>قم بتشغيل متصفح الإنترنت الخاص بك (إذا كنت لا تعرف ما هو قم بتشغيل إنترنت إكسبلورر);</li> <li>قم بكتابة أو نسخ العنوان <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> إلى شريط العنوان في المستعرض الخاص بك ثم اضغط ENTER;</li> <li>انتظر لتحميل الموقع;</li> <li>سوف يعرض عليك الموقع تحميل متصفح Tor. قم بتحميله وتشغيله، واتبع تعليمات التثبيت، وانتظر حتى اكتمال التثبيت;</li> <li>قم بتشغيل متصفح Tor;</li> <li>اضغط على الزر "Connect" (إذا كنت تستخدم النسخة الإنجليزية);</li> <li>سوف تُفتح نافذة متصفح الإنترنت العادي بعد البدء;</li> <li>قم بكتابة أو نسخ العنوان <br><span class="info">http://ffoqr3ug7m726zou.onion/E001-2C56-5AB0-0090-8C1E</span><br> في شريط العنوان في المتصفح;</li> <li>اضغط ENTER;</li> <li>يجب أن يتم تحميل الموقع؛ إذا لم يتم تحميل الموقع لأي سبب، انتظر للحظة وحاول مرة أخرى.</li> </ol> <p>إذا كان لديك أية مشكلات أثناء عملية التثبيت أو استخدام متصفح Tor، يُرجى زيارة <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> واكتب الطلب "install tor browser windows" أو "تثبيت نوافذ متصفح Tor" في شريط البحث، وسوف تجد الكثير من أشرطة الفيديو للتدريب حول تثبيت متصفح Tor واستخدامه.</p> <hr> <p><strong>معلومات إضافية:</strong></p> <p>سوف تجد إرشادات استعادة الملفات الخاصة بك ("*.hta") في أي مجلد مع ملفاتك المشفرة.</p> <p>الإرشادات ("*.hta") الموجودة في المجلدات مع ملفاتك المشفرة ليست فيروسات والإرشادات ("*.hta") سوف تساعدك على فك تشفير الملفات الخاصة بك.</p> <p>تذكر أن أسوأ موقف قد حدث بالفعل، والآن مستقبل ملفاتك يعتمد على عزيمتك وسرعة الإجراءات الخاصة بك.</p> </div> <div id="zh"> <p>您找不到所需的文件?<br>您文件的内容无法阅读?</p> <p>这是正常的,因为您文件的文件名和数据已经被“Cerber&nbsp;Ransomware”加密了。</p> <p>这意味着您的文件并没有损坏!您的文件只是被修改了,这个修改是可逆的,解密之前您无法使用您的文件。</p> <p>安全解密您文件的唯一方式是购买特别的解密软件“Cerber&nbsp;Decryptor”。</p> <p>任何使用第三方软件恢复您文件的方式对您的文件来说都将是致命的!</p> <hr> <p>您可以在您的个人页面上购买解密软件:</p> <p><span class="info"><span class="updating">请稍候...</span><a class="url" href="http://ffoqr3ug7m726zou.4bzlfh.top/E001-2C56-5AB0-0090-8C1E" target="_blank">http://ffoqr3ug7m726zou.4bzlfh.top/E001-2C56-5AB0-0090-8C1E</a><span class="hr"></span><a href="http://ffoqr3ug7m726zou.kt70uk.top/E001-2C56-5AB0-0090-8C1E" target="_blank">http://ffoqr3ug7m726zou.kt70uk.top/E001-2C56-5AB0-0090-8C1E</a><span class="hr"></span><a href="http://ffoqr3ug7m726zou.onion.to/E001-2C56-5AB0-0090-8C1E" target="_blank">http://ffoqr3ug7m726zou.onion.to/E001-2C56-5AB0-0090-8C1E</a></span></p> <p>如果这个页面无法打开,请 <span class="button" onclick="return updateUrl();">点击这里</span> 生成您个人页面的新地址。</p> <p>您将在这个页面上看到如何购买解密软件以恢复您的文件。</p> <p>您可以在这个页面使用“Cerber&nbsp;Decryptor”免费恢复任何文件。</p> <hr> <p>如果您的个人页面长期不可用,有其他方法可以打开您的个人页面 - 安装并使用 Tor 浏览器:</p> <ol> <li>使用您的上网浏览器(如果您不知道使用 Internet&nbsp;Explorer 的话);</li> <li>在浏览器的地址栏输入或复制地址 <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> 并按 ENTER 键;</li> <li>等待站点加载;</li> <li>您将在站点上下载 Tor 浏览器;下载并运行它,按照安装指南进行操作,等待直至安装完成;</li> <li>运行 Tor 浏览器;</li> <li>使用“Connect”按钮进行连接(如果您使用英文版);</li> <li>初始化之后将打开正常的上网浏览器窗口;</li> <li>在浏览器地址栏中输入或复制地址 <br><span class="info">http://ffoqr3ug7m726zou.onion/E001-2C56-5AB0-0090-8C1E</span><br></li> <li>按 ENTER 键;</li> <li>该站点将加载;如果由于某些原因等待一会儿后没有加载,请重试。</li> </ol> <p>如果在安装期间或使用 Tor 浏览器期间有任何问题,请访问 <a href="https://www.baidu.com/s?wd=%E6%80%8E%E4%B9%88%E5%AE%89%E8%A3%85%20tor%20%E6%B5%8F%E8%A7%88%E5%99%A8" target="_blank">https://www.baidu.com</a> 并在搜索栏中输入“怎么安装 Tor 浏览器”,您将找到有关如何安装洋葱 Tor 浏览器的说明和教程。</p> <hr> <p><strong>附加信息:</strong></p> <p>您将在任何带有加密文件的文件夹中找到恢复您文件(“*.hta”)的说明。</p> <p>带有加密文件的文件夹中的(“*.hta”)说明不是病毒,(“*.hta”)说明将帮助您解密您的文件。</p> <p>请记住,最坏的情况都发生过了,您的文件还能不能用取决于您的决定和反应速度。</p> </div> <div id="nl"> <p>Kunt u de nodige files niet vinden?<br>Is de inhoud van uw bestanden niet leesbaar?</p> <p>Het is gewoonlijk omdat de bestandsnamen en de gegevens in uw bestanden zijn versleuteld door “Cerber&nbsp;Ransomware”.</p> <p>Het betekent dat uw bestanden NIET beschadigd zijn! Uw bestanden zijn alleen gewijzigd. Deze wijziging is omkeerbaar. Vanaf nu is het niet mogelijk uw bestanden te gebruiken totdat ze ontsleuteld zijn.</p> <p>De enige manier om uw bestanden veilig te

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\help_restore_files_vhfto.html

Ransom Note
<html><title>CryptoWall 3.0</title><style>a { color:green; }.tb { background:white; border-style:solid; border-width:1px; padding:3px; border-color:lime; }.ttl { font-size:13px; color:880000; }</style><body style="background:#33CCFF;"> <center><div style="text-align:left; font-family:Arial; font-size:13px; line-height:20px; margin-top:10px; width:800px; background:#F4F4F4; padding:20px; border-style:solid; border-width:5px; border-color:#BABABA;"><b><font class="ttl">What happened to your files?</b></font><br> <font style="font-size:13px;">All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0.<br> More information about the encryption RSA-2048 can be found here: <a href="http://en.wikipedia.org/wiki/RSA_(cryptosystem)" target="_blank">http://en.wikipedia.org/wiki/RSA_(cryptosystem)</a><br></font><br><b><font class="ttl">What does this mean?</b></font><br><font style="font-size:13px;">This means that the structure and data within your files have been irrevocably changed, you will not be able to work<br> with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.</font><br><br><b><font class="ttl">How did this happen?</b></font> <br> <font style="font-size:13px;"> Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.<br>All your files were encrypted with the public key, which has been transferred to your computer via the Internet.<br> Decrypting of YOUR FILES is only possible with the help of the private key and decrypt program, which is on our SECRET SERVER!!!.</font><br><br><b><font class="ttl">What do I do?</b></font> <br> <font style="font-size:13px;">Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.<br> If you really need your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.</font><br><br><div class="tb" style="color:#880000; font-size:13px; border-width:3px;">For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: <hr><b>1.<a href="http://kfor94jsnduf73masd.rdxhuikm8t1sxpdf7.com/1B1E68323C928D4F" target="_blank">http://kfor94jsnduf73masd.rdxhuikm8t1sxpdf7.com/1B1E68323C928D4F</a></b><br><b>2.<a href="http://ldonasdfnre.kfo39masdfdo.net/1B1E68323C928D4F" target="_blank">http://ldonasdfnre.kfo39masdfdo.net/1B1E68323C928D4F</a></b><br><b>3.<a href="https://zpr5huq4bgmutfnf.onion.to/1B1E68323C928D4F" target="_blank">https://zpr5huq4bgmutfnf.onion.to/1B1E68323C928D4F</a></b><br></div><br><div class="tb" style="font-size:13px; border-color:#880000;">If for some reasons the addresses are not available, follow these steps: <hr>1. Download and install tor-browser: <a href="http://www.torproject.org/projects/torbrowser.html.en" target="_blank">http://www.torproject.org/projects/torbrowser.html.en</a><br>2. After a successful installation, run the browser and wait for initialization.<br>3. Type in the address bar: <font style="font-weight:bold; color:#009977;">zpr5huq4bgmutfnf.onion/1B1E68323C928D4F</font><br>4. Follow the instructions on the site.</div><br><br><b>IMPORTANT INFORMATION:</b><br><div class="tb" style="width:790px;">Your Personal PAGE: <b><a href="http://kfor94jsnduf73masd.rdxhuikm8t1sxpdf7.com/1B1E68323C928D4F" target="_blank">http://kfor94jsnduf73masd.rdxhuikm8t1sxpdf7.com/1B1E68323C928D4F</a></b><br>Your Personal PAGE(using TOR): <font style="font-weight:bold; color:#009977;">zpr5huq4bgmutfnf.onion/1B1E68323C928D4F</font><br>Your personal code (if you open the site (or TOR 's) directly): <font style="font-weight:bold; color:#770000;">1B1E68323C928D4F</font><br></div></div></center></body></html>

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\help_restore_files_vhfto.txt

Ransom Note
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! What happened to your files ? All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0. More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) What does this mean ? This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them. How did this happen ? Especially for you, on our server was generated the secret key pair RSA-2048 - public and private. All your files were encrypted with the public key, which has been transferred to your computer via the Internet. Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server. What do I do ? Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed. If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1.http://kfor94jsnduf73masd.rdxhuikm8t1sxpdf7.com/1B1E68323C928D4F 2.http://ldonasdfnre.kfo39masdfdo.net/1B1E68323C928D4F 3. https://zpr5huq4bgmutfnf.onion.to/1B1E68323C928D4F If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser and wait for initialization. 3. Type in the address bar: zpr5huq4bgmutfnf.onion/1B1E68323C928D4F 4. Follow the instructions on the site. IMPORTANT INFORMATION: Your personal page: http://kfor94jsnduf73masd.rdxhuikm8t1sxpdf7.com/1B1E68323C928D4F Your personal page (using TOR): zpr5huq4bgmutfnf.onion/1B1E68323C928D4F Your personal identification number (if you open the site (or TOR 's) directly): 1B1E68323C928D4F
URLs

https://zpr5huq4bgmutfnf.onion.to/1B1E68323C928D4F

http://zpr5huq4bgmutfnf.onion/1B1E68323C928D4F

http://kfor94jsnduf73masd.rdxhuikm8t1sxpdf7.com/1B1E68323C928D4F

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+oilvv.txt

Ransom Note
__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#! NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server. What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://rr7mdgjbjhbefvkhbashrg.ginnypecht.com/9F2A4996FD94963A 2. http://kk4dshfjn45tsnkdf34fg.tatiejava.at/9F2A4996FD94963A 3. http://94375hfsjhbdfkj5wfg.aladadear.com/9F2A4996FD94963A If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser and wait for initialization 3. Type in the address bar: fwgrhsao3aoml7ej.onion/9F2A4996FD94963A 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *** Your personal pages: http://rr7mdgjbjhbefvkhbashrg.ginnypecht.com/9F2A4996FD94963A http://kk4dshfjn45tsnkdf34fg.tatiejava.at/9F2A4996FD94963A http://94375hfsjhbdfkj5wfg.aladadear.com/9F2A4996FD94963A *** Your personal page Tor-Browser: fwgrhsao3aoml7ej.ONION/9F2A4996FD94963A *** Your personal identification ID: 9F2A4996FD94963A
URLs

http://rr7mdgjbjhbefvkhbashrg.ginnypecht.com/9F2A4996FD94963A

http://kk4dshfjn45tsnkdf34fg.tatiejava.at/9F2A4996FD94963A

http://94375hfsjhbdfkj5wfg.aladadear.com/9F2A4996FD94963A

http://fwgrhsao3aoml7ej.onion/9F2A4996FD94963A

http://fwgrhsao3aoml7ej.ONION/9F2A4996FD94963A

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+kyygd.txt

Ransom Note
__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#! NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://prest54538hnksjn4kjfwdbhwere.hotchunman.com/9F2A4996FD94963A 2. http://b4youfred5485jgsa3453f.italazudda.com/9F2A4996FD94963A 3. http://5rport45vcdef345adfkksawe.bematvocal.at/9F2A4996FD94963A If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser and wait for initialization 3. Type in the address bar: fwgrhsao3aoml7ej.onion/9F2A4996FD94963A 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *-*-* Your personal pages: http://prest54538hnksjn4kjfwdbhwere.hotchunman.com/9F2A4996FD94963A http://b4youfred5485jgsa3453f.italazudda.com/9F2A4996FD94963A http://5rport45vcdef345adfkksawe.bematvocal.at/9F2A4996FD94963A *-*-* Your personal page Tor-Browser: fwgrhsao3aoml7ej.ONION/9F2A4996FD94963A *-*-* Your personal identification ID: 9F2A4996FD94963A
URLs

http://prest54538hnksjn4kjfwdbhwere.hotchunman.com/9F2A4996FD94963A

http://b4youfred5485jgsa3453f.italazudda.com/9F2A4996FD94963A

http://5rport45vcdef345adfkksawe.bematvocal.at/9F2A4996FD94963A

http://fwgrhsao3aoml7ej.onion/9F2A4996FD94963A

http://fwgrhsao3aoml7ej.ONION/9F2A4996FD94963A

Extracted

Path

C:\!HELP_SOS.hta

Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Decryption Instructions</title> <HTA:APPLICATION ID='App' APPLICATIONNAME="Decryption Instructions" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize"> <style> a { color: #04a; text-decoration: none; } a:hover { text-decoration: underline; } body { background-color: #e7e7e7; color: #222; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size: 12pt; line-height: 16pt; } body, h1 { margin: 0; padding: 0; } h1 { color: #555; text-align: center; padding-bottom: 1.5em; line-height: 1.2; } h2 { color: #555; text-align: center; line-height: 1.2; } ol li { padding-bottom: 13pt; } .container { background-color: #EEE; border: 2pt solid #C7C7C7; margin: 3%; min-width: 600px; padding: 5% 10%; color: #444; } .filecontainer{ padding: 5% 10%; display: none; } .header { border-bottom: 2pt solid #c7c7c7; padding-bottom: 5%; } .hr { background: #bda; display: block; height: 2pt; margin-top: 1.5%; margin-bottom: 1.5%; overflow: hidden; width: 100%; } .key{ background-color: #A1D490; border: 1px solid #506A48; display: block; text-align: center; margin: 0.5em 0; padding: 1em 1.5em; word-wrap: break-word; } .keys{ margin: 3em 0; } .filename{ border: 3px solid #AAA; display: block; text-align: center; margin: 0.5em 0em; padding: 1em 1.5em; background-color: #DCC; } .us{ text-decoration: strong; color: #333; } .info{ background-color: #E4E4E4; padding: 0.5em 3em; margin: 1em 0; } .text{ text-align: justify; } #file{ background-color: #FCC; } .lsb{ display: none; margin: 3%; text-align: center; } .ls{ border: 1px solid #888; border-radius: 3px; padding: 0 0.5em; margin: 0.2em 0.1em; line-height: 2em; display: inline-block; } .ls:hover{ background-color: #D0D0D0; } .l{ display:none; } .lu{ display:none; } </style> <script language="vbscript"> Function GetCmd GetCmd = App.commandLine End Function </script> <script language="javascript"> function openlink(url){ new ActiveXObject("WScript.Shell").Run(url); return false; } function aIndexOf(arr, v){ for(var i = 0; i < arr.length; i++) if(arr[i] == v) return i; return -1; } function tweakClass(cl, f){ var els; if(document.getElementByClassName != null){ els = document.getElementsByClassName(cl); } else{ els = []; var tmp = document.getElementsByTagName('*'); for (var i = 0; i < tmp.length; i++){ var c = tmp[i].className; if( (c == cl) || ((c.indexOf(cl) != 1) && ((' '+c+' ').indexOf(' '+cl+' ') != -1)) ) els.push(tmp[i]); } } for(var i = 0; i < els.length; i++) f(els[i]); } function show(el){ el.style.display = 'block'; } function hide(el){ el.style.display = 'none'; } var langs = ["en","de","it","fr","es","no","pt","nl","kr","ms","zh","tr","vi","hi","jv","fa","ar"]; function setLang(lang){ if(aIndexOf(langs, lang) == -1) lang = langs[0]; for(var i = 0; i < langs.length; i++){ var clang = langs[i]; tweakClass('l-'+clang, function(el){ el.style.display = (clang == lang) ? 'block' : 'none'; }); tweakClass('ls-'+clang, function(el){ el.style.backgroundColor = (clang == lang) ? '#BBB' : ''; }); } } function newXHR() { if (window.XMLHttpRequest) return new window.XMLHttpRequest; try { return new ActiveXObject("MSXML2.XMLHTTP.3.0"); } catch(error) { return null; } } function getPage(url, cb) { try{ var xhr = newXHR(); if(!xhr) return cb('no xhr'); xhr.onreadystatechange = function() { if(xhr.readyState != 4) return; if(xhr.status != 200 || !xhr.responseText) return cb(xhr.status) cb(null, xhr.responseText); }; xhr.open("GET", url+((url.indexOf('?') == -1) ? "?" : "&") + "_=" + new Date().getTime(), true); xhr.send(); } catch(e){ cb(e); } } function decodeTxString(hex){ var m = '0123456789abcdef'; var s = ''; var c = 0xAA; hex = hex.toLowerCase(); for(var i = 0; i < hex.length; i+=2){ var a = m.indexOf(hex.charAt(i)); var b = m.indexOf(hex.charAt(i+1)); if(a == -1 || b == -1) throw hex[i]+hex[i+1]+' '+a+' '+b; s+= String.fromCharCode(c = (c ^ ((a << 4) | b))); } return s; } var OR = 'OP_RE'+'TURN '; var sources = [ {bp:'btc.b'+'lockr.i'+'o/api/v1/', txp:'tx/i'+'nfo/', adp:'add'+'ress/txs/', ptxs: function(json){ if(json.status != 'success') return null; var res = []; for(var i = 0; i < json.data.txs.length - 1; i++) res.push(json.data.txs[i].tx); return res; }, ptx: function(json){ if(json.status != 'success') return null; var os = json.data.vouts; for(var i = 0; i < os.length; i++) if(os[i].extras.asm.indexOf(OR) == 0) return decodeTxString(os[i].extras.asm.substr(10)); return null; } }, {bp:'ch'+'ain.s'+'o/api/v2/', txp:'get_t'+'x_out'+'puts/btc/', adp:'get_tx_uns'+'pent/btc/', ptxs: function(json){ if(json.status != 'success') return null; var res = []; for(var i = json.data.txs.length - 1; i >= 0; i--) res.push(json.data.txs[i].txid); return res; }, ptx: function(json){ if(json.status != 'success') return null; var os = json.data.outputs; for(var i = 0; i < os.length; i++) if(os[i].script.indexOf(OR) == 0) return decodeTxString(os[i].script.substr(10)); return null; } }, {bp:'bit'+'aps.co'+'m/api/', txp:'trans'+'action/', adp:'ad'+'dress/tra'+'nsactions/', adpb:'/0/sen'+'t/all', ptxs: function(json){ var res = []; for(var i = 0; i < json.length; i++) res.push(json[i][1]); return res; }, ptx: function(json){ var os = json.output; for(var i = 0; i < os.length; i++) if(os[i].script.asm.indexOf(OR) == 0) return decodeTxString(os[i].script.asm.substr(10)); return null; } }, {bp:'api.b'+'lockcyp'+'her.com/v1/b'+'tc/main/', txp:'txs/', adp:'addrs/', ptxs: function(json){ var res = []; var m = {}; for(var i = 0; i < json.txrefs.length; i++){ var tx = json.txrefs[i].tx_hash; if(m[tx]) continue; m[tx] = 1; res.push(tx); } return res; }, ptx: function(json){ var os = json.outputs; for(var i = 0; i < os.length; i++) if(os[i].data_hex != null) return decodeTxString(os[i].data_hex); return null; } } ]; function eachUntil(a,f,c){ var i = 0; var n = function(){ if(i >= a.length) return c('f'); f(a[i++], function(err, res){ if(err == null) return c(null, res); n(); }); }; n(); } function getJson(url, cb){ getPage(url, function(err, res){ if(err != null) return cb(err); var json; try{ if(window.JSON && window.JSON.parse){ json = window.JSON.parse(res); } else{ json = eval('('+res+')'); } } catch(e){ cb(e); } cb(null, json); }); } function getDomains(ad, cb){ eachUntil(sources, function(s, cb){ var url = 'http://'+s.bp; url+= s.adp+ad; if(s.adpb) url+= s.adpb; getJson(url, function(err, json){ if(err != null) return cb(err); try{ cb(null, s.ptxs(json)); } catch(e){ cb(e); } }); }, function(err, txs){ if(err != null) return cb(err); if(txs.length == 0) return cb('f'); eachUntil(txs, function(tx, cb){ eachUntil(sources, function(s, cb){ var url = 'http://'+s.bp+s.txp+tx; getJson(url, function(err, json){ if(err != null) return cb(err); try{ cb(null, s.ptx(json)); } catch(e){ cb(e); } }); }, function(err, res){ if(err != null) return cb(err); if(res == null) return cb('f'); cb(null, res.split(':')); }); }, cb); }); } function updateLinks(){ tweakClass('lu', hide); tweakClass('lu-updating', show); getDomains('1783wBG'+'sr'+'1zkxenfE'+'ELXA25PLSkL'+'dfJ4B7', function(err, ds){ tweakClass('lu', hide); if(err != null){ tweakClass('lu-error', show); return; } tweakClass('lu-done', show); var html = ''; for(var i = 0; i < ds.length; i++) html+= '<div class="key"><a href="http://z5dq36kjy5swjtmr.'+ds[i]+'/login/AfUrFM3gTpWUBtgS661rwonJLGQ8nXjd5Q3CfHDKNZPYOVAVNYnE3kDA" onclick="javascript:return openlink(this.href)">http://z5dq36kjy5swjtmr.'+ds[i]+'/</a></div>'; tweakClass('links', function(el){ el.innerHTML = html; }); }); return false; } function onPageLoaded(){ try{ tweakClass('lsb', show); }catch(e){} try{ tweakClass('lu-orig', show); }catch(e){} try{ setLang('en'); }catch(e){} try{ var args = GetCmd().match(/"[^"]+"|[^ ]+/g); if(args.length > 1){ var file = args[args.length-1]; if(file.charAt(0) == '"' && file.charAt(file.length-1) == '"') file = file.substr(1, file.length-2); document.getElementById('filename').innerHTML = file; show(document.getElementById('file')); document.title = 'File is encrypted'; } }catch(e){} } </script> </head> <body onload='javascript:onPageLoaded()'> <div class='lsb'> <span class='ls ls-en' onclick="javascript:return setLang('en')">English</span> <span class='ls ls-de' onclick="javascript:return setLang('de')">Deutsch</span> <span class='ls ls-it' onclick="javascript:return setLang('it')">Italiano</span> <span class='ls ls-fr' onclick="javascript:return setLang('fr')">Français</span> <span class='ls ls-es' onclick="javascript:return setLang('es')">Español</span> <span class='ls ls-no' onclick="javascript:return setLang('no')">Norsk</span> <span class='ls ls-pt' onclick="javascript:return setLang('pt')">Português</span> <span class='ls ls-nl' onclick="javascript:return setLang('nl')">Nederlands</span> <br/><span class='ls ls-kr' onclick="javascript:return setLang('kr')">한국어</span> <span class='ls ls-ms' onclick="javascript:return setLang('ms')">Bahasa Melayu</span> <span class='ls ls-zh' onclick="javascript:return setLang('zh')">中文</span> <span class='ls ls-tr' onclick="javascript:return setLang('tr')">Türkçe</span> <span class='ls ls-vi' onclick="javascript:return setLang('vi')">Tiếng Việt</span> <span class='ls ls-hi' onclick="javascript:return setLang('hi')">हिन्दी</span> <span class='ls ls-jv' onclick="javascript:return setLang('jv')">Basa Jawa</span> <span class='ls ls-fa' onclick="javascript:return setLang('fa')">فارسی</span> <span class='ls ls-ar' onclick="javascript:return setLang('ar')">العربية</span> </div> <div id='file' class='container filecontainer'> <div class='filename'> <div style='float:left; padding:18px 0'><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADEAAABACAYAAACz4p94AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAARCQAAEQkAGJrNK4AAAAB3RJTUUH4QEcFBoaYAOrHQAABThJREFUaN7tmlloXGUUx3/3ziRtTa2xcZ1gtaJFDFjtwSqllaKiiEilKOKDNS2UivXF+qD0QRBRUMQXN/TBBcFifahYFC0urfpghSMqaDSkdQMvojZpIk2zTMaHe776MZ17M6u9ozkwzAwz3/ed/9m+s9yABkhEUFX/+43ATcBy4FxgMdABTAB/Aj8CXwO7VfVdb10AlPy9aqGgTuYDVS3Z56XA48AtdWz1OrBdVQ82AiaoVfJATlWLIrIAeAbYWKciS975LwJ3q+pEJQ03DYRJKVDVGRFZCew0kylnqFaaAULgB+B2Vd1fru3ZKFcDAFS1JCLXA7uBMxs1S29t0fzn5kKhMBBF0WAURYgIURQ1DsIAhKaBVcAbwKk0l0JgGlgIrCkUChpF0U/VAgmrOCBvPrAEeBY4jdZQ3jRyDvCEiJxl2ne+mLowTQs5VZ0yJ95mobMaRx0A3gMGgSPAycCFwHXARQlrfKFeDjwMbG7IsT0zKorIauBtYFGFvxY9s3wZ2Kaqwyn7dgNPpkQ1t9/PwGZV3TNbxErThAOwCOhPADBtexwGNqrqrrR4bxFnBNgkIm8CrwFdCX66BNgA7KlLE2aDeVWdFpHlwPsVfMEBGAXuUtUd1YRGH6CIrLdAESZoYxC4Q1U/r8exQwMQAFdb+CuP7U6LO6oF4MK0d+47ZlpJfJ0HXFsm3OpB2HsPsCZBUtgF9VSZo85KFq7zqnrUTOq3ChYyA3QCq7x1NYFwZnYKsKJCFOqwz59YJKo5VTAmAQ4CuxKiHUCviCyryZzMhIqeOnsSDh8B9qnqTJqU0kKyAT8MfJwiyB5gWa0+ETjGgPOBeQkSGgG+rPdmM99wfjUEHEoA0Q0srRmEaSRv+VFHAogx84lGyO01ChxI+E8XcHq9aUdnhahU8uL471bszJoWVEFHbL8kHhfXCyIE5qesGXX+UW9F5mli0jSbRPMaAdGZ8vtUtSG1ykg1mXIRdzaaxVYjSU7kPmFKaAsq5DW+dBY2WAyV89GV8ntXran4tGfzW4B7K0grAI5WMIF6zAjgD2ATsDXhrPFaGwGZJhE59jrOPMraMIuBK4EzTFqlE8x7YNr6TFUP+dkwQCAiobuhRWQt8DTQl2FlfAtsVdW9DoyviUeA7U1owbSSfL4eU9UHjlVRInI/8FDGATizcvytLhQKQRRFewMRuQJ4y+y/Xcg13IaA/tBCWxftRe5+uwC4NQTWzpabZFgbAFeF1qzKtSEIp40+l+QFtC91hvwHaA7E/xlEKesgZrz6u19VA/eytH64FUGkmSCKtt8XwKWq+opL0GxE8AKwknh6mkkQ03bXRMTT0F9d7m/pfdGy5SHgPtclyRoIZyLfAR95APC6If4A5sOsgfB7UQe88jbJoceI+6+ZdeyOKrWWzxqIwJN+H/F8rlJDzR8XrMiyT1wM3OnX7V797oBeQzxYbF6lJCLTTcpi3fhrBNiiqjsrNCBuIx5Ozs+qT+SJW5vdxHPoS3yHlrjH8nyzAbTCsZ1ZjfPPoMa/DMdpAc0lgHMg2gREqcxPSrSoHdoqx+4Ceu3Sc4x3c/wkNpMgclZT9AIPisjZFl57gUeZZeKThcuuvDhyAppsFfOt9gl/385/w7FLtDmFwF9ebdxO5IQ/HBIPLabaGMT+kLitP9GGAELi4ecHIfAqyc9VZJWc+SvwUi6KorFCofANsA44qQ0AuEfrfgHuUdWB0IqWT4Ebml3At4hywPfAelXd5y47sIfY7XbdQNytuwxYkCHmR4GvgOfcM4fGL38Dzdjo/H/3PFAAAAAASUVORK5CYII=" style='padding:0 7.5px'/></div> <div> <h2 class='l l-en' style='display:block'>The file is encrypted but can be restored</h2><h2 class='l l-de' >Die Datei ist verschlüsselt, aber kann wiederhergestellt werden</h2><h2 class='l l-it' >Il file è crittografato, ma può essere ripristinato</h2><h2 class='l l-fr' >Le fichier est crypté mais peut être restauré</h2><h2 class='l l-es' >El archivo está encriptado pero puede ser restaurado</h2><h2 class='l l-no' >Filen er kryptert men kan bli gjenopprettet</h2><h2 class='l l-pt' >O arquivo está criptografado, mas poderá ser descriptografado</h2><h2 class='l l-nl' >Het bestand is versleuteld maar kan worden hersteld</h2><h2 class='l l-kr' >파일은 암호화되었지만 복원 할 수 있습니다</h2><h2 class='l l-ms' >Fail ini dienkripsikan tetapi boleh dipulih semula.</h2><h2 class='l l-zh' >文件已被加密,但是可以解密</h2><h2 class='l l-tr' >Dosya şifrelenmiş ancak geri yüklenebilir.</h2><h2 class='l l-vi' >Tập tin bị mã hóa nhưng có thể được khôi phục</h2><h2 class='l l-hi' >फाइल एनक्रिप्‍टड हैं लेकिन रिस्‍टोर की जा सकती हैं</h2><h2 class='l l-jv' >File ini dienkripsi tetapi dapat dikembalikan</h2><h2 class='l l-fa' >این فایل رمزگذاری شده است اما می تواند بازیابی شود</h2><h2 class='l l-ar' > الملف مشفر لكن من الممكن إسترجاعه </h2> <p><span id='filename'></span></p> </div> </div> <h2 class='l l-en' style='display:block'>The file you tried to open and other important files on your computer were encrypted by "SAGE 2.2 Ransomware".</h2><h2 class='l l-de' >Die Datei, die Sie öffnen wollten, und andere wichtige Dateien auf ihrem Computer wurden von "SAGE 2.2 Ransomware" verschlüsselt.</h2><h2 class='l l-it' >Il file che hai tentato di aprire e altri file importanti del tuo computer sono stati crittografati da "SAGE 2.2 Ransomware".</h2><h2 class='l l-fr' > Le fichier que vous essayez d’ouvrir et d’autres fichiers importants sur votre ordinateur ont été cryptés par "SAGE 2.2 Ransomware".</h2><h2 class='l l-es' >El archivo que intentó abrir y otros importantes archivos en su computadora fueron encriptados por "SAGE 2.2 Ransomware".</h2><h2 class='l l-no' >Filen du prøvde åpne og andre viktige filer på datamaskinen din ble kryptert av "SAGE 2.2 Ransomware".</h2><h2 class='l l-pt' >O arquivo que você está tentando acessar está criptografado, outros arquivos importantes em seu computador também foram criptografados por "SAGE 2.2 Ransomware".</h2><h2 class='l l-nl' >Het bestand dat je probeert te openen en andere belangrijke bestanden op je computer zijn beveiliged door "SAGE 2.2 Ransomware".</h2><h2 class='l l-kr' >컴퓨터에서 여는 파일 및 기타 중요한 파일은 "SAGE 2.2 Ransomware"에 의해 암호화되었습니다.</h2><h2 class='l l-ms' >Fail yang anda cuba buka dan fail penting yang lain di komputer anda telah dienkripskan oleh "SAGE 2.2 Ransomware".</h2><h2 class='l l-zh' >您试图打开的文件以及您计算机上的其它文件已经用"SAGE 2.2 Ransomware"进行了加密。</h2><h2 class='l l-tr' >Açmaya çalıştığınız dosya ve diğer önemli dosyalarınızı bilgisayarınızda "SAGE 2.2 Ransomware" tarafından şifrelenmiş.</h2><h2 class='l l-vi' >Tập tin mà bạn cố mở và những tập tin quan trọng khác trên máy tính của bạn bị mã hóa bởi "SAGE 2.2 Ransomware".</h2><h2 class='l l-hi' >वो फाइल जिसे आपने खोलने की कोशिश की और आपके कंप्‍यूटर पर बाकी महत्‍वपूर्ण फाइले हमारी ओर से इंक्रिप्टिड की गई हैं "SAGE 2.2 Ransomware"।</h2><h2 class='l l-jv' >File yang Anda coba untuk buka dan file penting lain di komputer Anda yang dienkripsi oleh "SAGE 2.2 Ransomware".</h2><h2 class='l l-fa' >فایلی که ش�
URLs

http://'+s.bp

http://'+s.bp+s.txp+tx

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\how_recover+hhs.txt

Ransom Note
++++++==============================================================================================================+++++++====== NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-2048. More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) What does this mean ? This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them. How did this happen ? Specially for your PC was generated personal RSA2048 KEY, both public and private. All your files were encrypted with the public key, which has been transferred to your computer via the Internet. ++++++==============================================================================================================+++++++====== Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server. What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BTC NOW, and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://alcov44uvcwkrend.softpay4562.com/CC2A6E753D3433EA 2. http://tsbfdsv.extr6mchf.com/CC2A6E753D3433EA 3. http://psbc532jm8c.hsh73cu37n1.net/CC2A6E753D3433EA 4. https://vf4xdqg4mp3hnw5g.onion.to/CC2A6E753D3433EA If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser and wait for initialization. 3. Type in the address bar: vf4xdqg4mp3hnw5g.onion/CC2A6E753D3433EA 4. Follow the instructions on the site. IMPORTANT INFORMATION: Your personal pages: http://alcov44uvcwkrend.softpay4562.com/CC2A6E753D3433EA http://tsbfdsv.extr6mchf.com/CC2A6E753D3433EA http://psbc532jm8c.hsh73cu37n1.net/CC2A6E753D3433EA https://vf4xdqg4mp3hnw5g.onion.to/CC2A6E753D3433EA Your personal page (using TOR-Browser): vf4xdqg4mp3hnw5g.onion/CC2A6E753D3433EA Your personal identification number (if you open the site (or TOR-Browser's) directly): CC2A6E753D3433EA ++++++==============================================================================================================+++++++======
URLs

http://alcov44uvcwkrend.softpay4562.com/CC2A6E753D3433EA

http://tsbfdsv.extr6mchf.com/CC2A6E753D3433EA

http://psbc532jm8c.hsh73cu37n1.net/CC2A6E753D3433EA

https://vf4xdqg4mp3hnw5g.onion.to/CC2A6E753D3433EA

http://vf4xdqg4mp3hnw5g.onion/CC2A6E753D3433EA

Signatures

  • BadRabbit

    Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    ransomwarebadrabbit
  • Badrabbit family
    badrabbit
  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Gozi family
    gozi
  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Lukitus variant)

    Variant of the Locky ransomware seen in the wild since late 2017.

    ransomwarelocky_lukitus
  • Locky family
    locky
  • Locky_lukitus family
    locky_lukitus
  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • Mimikatz family
    mimikatz
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt
  • Teslacrypt family
    teslacrypt
  • Troldesh family
    troldesh
  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh
  • Contacts a large (16205) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Modifies boot configuration data using bcdedit 1 TTPs 7 IoCs
    ransomwareevasion
  • Renames multiple (1245) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (1334) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (5163) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs
  • Adds policy Run key to start application 2 TTPs 1 IoCs
    persistence
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Looks for VMWare Tools registry key 2 TTPs 4 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 8 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops startup file 23 IoCs
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 31 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 21 IoCs
    persistence
  • Drops desktop.ini file(s) 29 IoCs
  • Enumerates connected drives 3 TTPs 44 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Looks up external IP address via web service 7 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 6 IoCs
    ransomware
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious use of SetThreadContext 27 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 21 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • NSIS installer 4 IoCs
    installer
  • Interacts with shadow copies 3 TTPs 9 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Kills process with taskkill 9 IoCs
    evasion
  • Modifies Control Panel 10 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 60 IoCs
  • Modifies registry class 40 IoCs
  • Opens file in notepad (likely ransom note) 5 IoCs
    ransomware
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 45 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: MapViewOfSection 12 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 54 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 18 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1120
    • C:\Windows\System32\vssadmin.exe
      "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Interacts with shadow copies
      PID:3112
  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1172
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1216
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00300.7z"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3068
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:840
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1832
      • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.MSIL.Generic-b2285790c15dc134d3b2556bbbadfa8a5a66b169a565545f62d23043433e2468.exe
        HEUR-Trojan-Ransom.MSIL.Generic-b2285790c15dc134d3b2556bbbadfa8a5a66b169a565545f62d23043433e2468.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious behavior: CmdExeWriteProcessMemorySpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:984
      • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Agent.gen-d6e35e20d5b7fa3d0b5352b4953701cabb4ed2a83d94dc666ef9900b7c53394a.exe
        HEUR-Trojan-Ransom.Win32.Agent.gen-d6e35e20d5b7fa3d0b5352b4953701cabb4ed2a83d94dc666ef9900b7c53394a.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: CmdExeWriteProcessMemorySpam
        • Suspicious behavior: MapViewOfSection
        PID:784
        • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Agent.gen-d6e35e20d5b7fa3d0b5352b4953701cabb4ed2a83d94dc666ef9900b7c53394a.exe
          HEUR-Trojan-Ransom.Win32.Agent.gen-d6e35e20d5b7fa3d0b5352b4953701cabb4ed2a83d94dc666ef9900b7c53394a.exe
          4⤵
          • Executes dropped EXE
          • Sets desktop wallpaper using registry
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:296
          • C:\Windows\SysWOW64\mshta.exe
            "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\_README_49ISYH_.hta"
            5⤵
              PID:82540
            • C:\Windows\system32\cmd.exe
              "C:\Windows\system32\cmd.exe"
              5⤵
                PID:82972
          • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Agent.gen-f7d000fad48f47b3b9122542e05244b8a6d448b502c9018aec5ad292fcbe8760.exe
            HEUR-Trojan-Ransom.Win32.Agent.gen-f7d000fad48f47b3b9122542e05244b8a6d448b502c9018aec5ad292fcbe8760.exe
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: CmdExeWriteProcessMemorySpam
            • Suspicious behavior: MapViewOfSection
            PID:1988
            • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Agent.gen-f7d000fad48f47b3b9122542e05244b8a6d448b502c9018aec5ad292fcbe8760.exe
              HEUR-Trojan-Ransom.Win32.Agent.gen-f7d000fad48f47b3b9122542e05244b8a6d448b502c9018aec5ad292fcbe8760.exe
              4⤵
              • Executes dropped EXE
              • Adds Run key to start application
              • System Location Discovery: System Language Discovery
              PID:3660
              • C:\Windows\SysWOW64\cmd.exe
                cmd /c ""C:\Users\Admin\AppData\Local\Temp\3B1E\1D8F.bat" "C:\Users\Admin\AppData\Roaming\comrdemx\appmters.exe" "C:\Users\Admin\Desktop\00300\HEUR-T~3.EXE""
                5⤵
                  PID:3144
            • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Generic-07f90d6793aeb953617a06980862921295b830a27b616cf6bc42fa02b00bd8c0.exe
              HEUR-Trojan-Ransom.Win32.Generic-07f90d6793aeb953617a06980862921295b830a27b616cf6bc42fa02b00bd8c0.exe
              3⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: CmdExeWriteProcessMemorySpam
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2196
              • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Generic-07f90d6793aeb953617a06980862921295b830a27b616cf6bc42fa02b00bd8c0.exe
                HEUR-Trojan-Ransom.Win32.Generic-07f90d6793aeb953617a06980862921295b830a27b616cf6bc42fa02b00bd8c0.exe
                4⤵
                • Executes dropped EXE
                PID:1820
            • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Generic-761e39686f293694ebda3de5f4aca0faef72e45046093feae9cda442429e0932.exe
              HEUR-Trojan-Ransom.Win32.Generic-761e39686f293694ebda3de5f4aca0faef72e45046093feae9cda442429e0932.exe
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious behavior: CmdExeWriteProcessMemorySpam
              PID:3060
              • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                C:\Users\Admin\AppData\Local\Temp\svchost.exe
                4⤵
                • Executes dropped EXE
                PID:804
              • C:\Windows\system32\cmd.exe
                cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sysA322.tmp"
                4⤵
                  PID:1336
              • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Generic-8838aa8f412eef436c63cfe501c868a5433969fcd6fe2b571a11dcabbc38839c.exe
                HEUR-Trojan-Ransom.Win32.Generic-8838aa8f412eef436c63cfe501c868a5433969fcd6fe2b571a11dcabbc38839c.exe
                3⤵
                • Looks for VMWare Tools registry key
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • Suspicious behavior: CmdExeWriteProcessMemorySpam
                • Suspicious behavior: EnumeratesProcesses
                PID:2124
                • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Generic-8838aa8f412eef436c63cfe501c868a5433969fcd6fe2b571a11dcabbc38839c.exe
                  HEUR-Trojan-Ransom.Win32.Generic-8838aa8f412eef436c63cfe501c868a5433969fcd6fe2b571a11dcabbc38839c.exe
                  4⤵
                  • Executes dropped EXE
                  PID:660
              • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Generic-ed84a7185bd3decfe9104fa3f6dad24bb0a0ff27a1a792a05ef0f2b010bf7b9b.exe
                HEUR-Trojan-Ransom.Win32.Generic-ed84a7185bd3decfe9104fa3f6dad24bb0a0ff27a1a792a05ef0f2b010bf7b9b.exe
                3⤵
                • Looks for VMWare Tools registry key
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • Suspicious behavior: CmdExeWriteProcessMemorySpam
                PID:2136
                • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Generic-ed84a7185bd3decfe9104fa3f6dad24bb0a0ff27a1a792a05ef0f2b010bf7b9b.exe
                  HEUR-Trojan-Ransom.Win32.Generic-ed84a7185bd3decfe9104fa3f6dad24bb0a0ff27a1a792a05ef0f2b010bf7b9b.exe
                  4⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:3008
                  • C:\Users\Admin\AppData\Roaming\Coxout\uszy.exe
                    "C:\Users\Admin\AppData\Roaming\Coxout\uszy.exe"
                    5⤵
                    • Looks for VMWare Tools registry key
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Suspicious use of SetThreadContext
                    PID:2248
                    • C:\Users\Admin\AppData\Roaming\Coxout\uszy.exe
                      "C:\Users\Admin\AppData\Roaming\Coxout\uszy.exe"
                      6⤵
                      • Executes dropped EXE
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      PID:2768
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_8b54ea0f.bat"
                    5⤵
                      PID:2488
                • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Locky.vho-65ef86f0fb512270b3214bbdd9da2aacba8b84d8b80fec6694bd47dc5ff4346e.exe
                  HEUR-Trojan-Ransom.Win32.Locky.vho-65ef86f0fb512270b3214bbdd9da2aacba8b84d8b80fec6694bd47dc5ff4346e.exe
                  3⤵
                  • Executes dropped EXE
                  • Sets desktop wallpaper using registry
                  • System Location Discovery: System Language Discovery
                  • Modifies Control Panel
                  • Suspicious behavior: CmdExeWriteProcessMemorySpam
                  PID:2172
                  • C:\Program Files\Internet Explorer\iexplore.exe
                    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
                    4⤵
                    • Modifies Internet Explorer settings
                    • Suspicious use of SetWindowsHookEx
                    PID:40012
                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:40012 CREDAT:275457 /prefetch:2
                      5⤵
                      • Modifies Internet Explorer settings
                      PID:48676
                  • C:\Windows\SysWOW64\cmd.exe
                    cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sys7668.tmp"
                    4⤵
                      PID:40880
                  • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Shade.gen-f01e60b97574b919067bcee155496d87f9a594e3fc10999dec998e0a114349f5.exe
                    HEUR-Trojan-Ransom.Win32.Shade.gen-f01e60b97574b919067bcee155496d87f9a594e3fc10999dec998e0a114349f5.exe
                    3⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious use of SetThreadContext
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                    • Suspicious behavior: MapViewOfSection
                    PID:1656
                    • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Shade.gen-f01e60b97574b919067bcee155496d87f9a594e3fc10999dec998e0a114349f5.exe
                      HEUR-Trojan-Ransom.Win32.Shade.gen-f01e60b97574b919067bcee155496d87f9a594e3fc10999dec998e0a114349f5.exe
                      4⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:3888
                      • C:\Users\Admin\AppData\Roaming\Install\1day
                        -m "C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Shade.gen-f01e60b97574b919067bcee155496d87f9a594e3fc10999dec998e0a114349f5.exe"
                        5⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Suspicious use of SetThreadContext
                        • Suspicious behavior: MapViewOfSection
                        PID:2364
                        • C:\Users\Admin\AppData\Roaming\Install\1day
                          -m "C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Shade.gen-f01e60b97574b919067bcee155496d87f9a594e3fc10999dec998e0a114349f5.exe"
                          6⤵
                          • Boot or Logon Autostart Execution: Active Setup
                          • Adds Run key to start application
                          • System Location Discovery: System Language Discovery
                          PID:8868
                  • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Zerber.gen-c40785135751df957b18fe5c0cb85309d07086bf325dfd3635ef0d24e5b19d18.exe
                    HEUR-Trojan-Ransom.Win32.Zerber.gen-c40785135751df957b18fe5c0cb85309d07086bf325dfd3635ef0d24e5b19d18.exe
                    3⤵
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1856
                    • C:\Windows\SysWOW64\cmd.exe
                      /d /c taskkill /t /f /im "HEUR-Trojan-Ransom.Win32.Zerber.gen-c40785135751df957b18fe5c0cb85309d07086bf325dfd3635ef0d24e5b19d18.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Zerber.gen-c40785135751df957b18fe5c0cb85309d07086bf325dfd3635ef0d24e5b19d18.exe" > NUL
                      4⤵
                      • System Network Configuration Discovery: Internet Connection Discovery
                      PID:71000
                    • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                      "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe"
                      4⤵
                        PID:70764
                      • C:\Windows\SysWOW64\cmd.exe
                        /d /c taskkill /t /f /im "HEUR-Trojan-Ransom.Win32.Zerber.gen-c40785135751df957b18fe5c0cb85309d07086bf325dfd3635ef0d24e5b19d18.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Zerber.gen-c40785135751df957b18fe5c0cb85309d07086bf325dfd3635ef0d24e5b19d18.exe" > NUL
                        4⤵
                        • System Network Configuration Discovery: Internet Connection Discovery
                        PID:70676
                    • C:\Users\Admin\Desktop\00300\Trojan-Ransom.NSIS.Onion.qeu-fac2a55288f5599494534e62f18a28dfb4311562fd6986f0c8df67b7b1d6b768.exe
                      Trojan-Ransom.NSIS.Onion.qeu-fac2a55288f5599494534e62f18a28dfb4311562fd6986f0c8df67b7b1d6b768.exe
                      3⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetThreadContext
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                      PID:712
                      • C:\Users\Admin\Desktop\00300\Trojan-Ransom.NSIS.Onion.qeu-fac2a55288f5599494534e62f18a28dfb4311562fd6986f0c8df67b7b1d6b768.exe
                        Trojan-Ransom.NSIS.Onion.qeu-fac2a55288f5599494534e62f18a28dfb4311562fd6986f0c8df67b7b1d6b768.exe
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:2964
                    • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.BadRabbit.e-630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da.exe
                      Trojan-Ransom.Win32.BadRabbit.e-630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da.exe
                      3⤵
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                      PID:2088
                      • C:\Windows\SysWOW64\rundll32.exe
                        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
                        4⤵
                        • Drops file in Windows directory
                        • System Location Discovery: System Language Discovery
                        PID:17012
                        • C:\Windows\SysWOW64\cmd.exe
                          /c schtasks /Delete /F /TN rhaegal
                          5⤵
                            PID:16824
                          • C:\Windows\SysWOW64\cmd.exe
                            /c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 3332374932 && exit"
                            5⤵
                              PID:19136
                            • C:\Windows\SysWOW64\cmd.exe
                              /c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 19:33:00
                              5⤵
                                PID:19792
                              • C:\Windows\9C20.tmp
                                "C:\Windows\9C20.tmp" \\.\pipe\{2BC3ABF4-0DFF-415E-AE70-1BA63D1F21B1}
                                5⤵
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                PID:19852
                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.acku-95e36cbc4da84536d810aa22ddb6768688c7883065b3e17c946ca80c5ad4d328.exe
                            Trojan-Ransom.Win32.Bitman.acku-95e36cbc4da84536d810aa22ddb6768688c7883065b3e17c946ca80c5ad4d328.exe
                            3⤵
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                            • Suspicious use of AdjustPrivilegeToken
                            PID:3048
                            • C:\Windows\rktiqxohcnqj.exe
                              C:\Windows\rktiqxohcnqj.exe
                              4⤵
                              • Drops startup file
                              • Executes dropped EXE
                              • Adds Run key to start application
                              • Drops file in Program Files directory
                              • Suspicious use of AdjustPrivilegeToken
                              • System policy modification
                              PID:3880
                              • C:\Windows\System32\wbem\WMIC.exe
                                "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
                                5⤵
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                • Suspicious use of AdjustPrivilegeToken
                                PID:920
                              • C:\Windows\SysWOW64\NOTEPAD.EXE
                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
                                5⤵
                                • System Location Discovery: System Language Discovery
                                • Opens file in notepad (likely ransom note)
                                PID:48212
                              • C:\Windows\System32\wbem\WMIC.exe
                                "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
                                5⤵
                                  PID:49564
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\RKTIQX~1.EXE
                                  5⤵
                                    PID:59592
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00300\TROJAN~3.EXE
                                  4⤵
                                    PID:1972
                                • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.aerw-99d41e3e130b1209dc802bc94fc7c6af023ffecaa40358dac4d57f2f9f4b42f3.exe
                                  Trojan-Ransom.Win32.Bitman.aerw-99d41e3e130b1209dc802bc94fc7c6af023ffecaa40358dac4d57f2f9f4b42f3.exe
                                  3⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetThreadContext
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                  PID:2168
                                  • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.aerw-99d41e3e130b1209dc802bc94fc7c6af023ffecaa40358dac4d57f2f9f4b42f3.exe
                                    Trojan-Ransom.Win32.Bitman.aerw-99d41e3e130b1209dc802bc94fc7c6af023ffecaa40358dac4d57f2f9f4b42f3.exe
                                    4⤵
                                    • Loads dropped DLL
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2836
                                    • C:\Users\Admin\AppData\Roaming\qktsb-a.exe
                                      C:\Users\Admin\AppData\Roaming\qktsb-a.exe
                                      5⤵
                                      • Suspicious use of SetThreadContext
                                      • System Location Discovery: System Language Discovery
                                      PID:10048
                                      • C:\Users\Admin\AppData\Roaming\qktsb-a.exe
                                        C:\Users\Admin\AppData\Roaming\qktsb-a.exe
                                        6⤵
                                        • Drops startup file
                                        • Adds Run key to start application
                                        • Drops file in Program Files directory
                                        • System Location Discovery: System Language Discovery
                                        • System policy modification
                                        PID:17904
                                        • C:\Windows\system32\bcdedit.exe
                                          bcdedit.exe /set {current} bootems off
                                          7⤵
                                          • Modifies boot configuration data using bcdedit
                                          PID:19776
                                        • C:\Windows\system32\bcdedit.exe
                                          bcdedit.exe /set {current} advancedoptions off
                                          7⤵
                                          • Modifies boot configuration data using bcdedit
                                          PID:21832
                                        • C:\Windows\system32\bcdedit.exe
                                          bcdedit.exe /set {current} optionsedit off
                                          7⤵
                                          • Modifies boot configuration data using bcdedit
                                          PID:33620
                                        • C:\Windows\system32\bcdedit.exe
                                          bcdedit.exe /set {current} bootstatuspolicy IgnoreAllFailures
                                          7⤵
                                          • Modifies boot configuration data using bcdedit
                                          PID:40752
                                        • C:\Windows\system32\bcdedit.exe
                                          bcdedit.exe /set {current} recoveryenabled off
                                          7⤵
                                          • Modifies boot configuration data using bcdedit
                                          PID:41148
                                        • C:\Windows\System32\vssadmin.exe
                                          "C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet
                                          7⤵
                                          • Interacts with shadow copies
                                          PID:47632
                                        • C:\Windows\SysWOW64\NOTEPAD.EXE
                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Howto_RESTORE_FILES.txt
                                          7⤵
                                          • System Location Discovery: System Language Discovery
                                          • Opens file in notepad (likely ransom note)
                                          PID:48484
                                        • C:\Windows\System32\vssadmin.exe
                                          "C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet
                                          7⤵
                                          • Interacts with shadow copies
                                          PID:61064
                                        • C:\Windows\SysWOW64\cmd.exe
                                          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Roaming\qktsb-a.exe
                                          7⤵
                                            PID:71456
                                            • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                              "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe"
                                              8⤵
                                                PID:72172
                                        • C:\Windows\SysWOW64\cmd.exe
                                          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00300\TROJAN~4.EXE
                                          5⤵
                                            PID:10208
                                      • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.juo-de0882737c9f77c79c5618f955616ca43782b2d0041e424b06cccedb2e72be54.exe
                                        Trojan-Ransom.Win32.Bitman.juo-de0882737c9f77c79c5618f955616ca43782b2d0041e424b06cccedb2e72be54.exe
                                        3⤵
                                        • Executes dropped EXE
                                        • Suspicious use of SetThreadContext
                                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                        • Suspicious use of SetWindowsHookEx
                                        PID:1660
                                        • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.juo-de0882737c9f77c79c5618f955616ca43782b2d0041e424b06cccedb2e72be54.exe
                                          Trojan-Ransom.Win32.Bitman.juo-de0882737c9f77c79c5618f955616ca43782b2d0041e424b06cccedb2e72be54.exe
                                          4⤵
                                          • Drops file in Windows directory
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:8620
                                          • C:\Windows\jrmpyugxpxbq.exe
                                            C:\Windows\jrmpyugxpxbq.exe
                                            5⤵
                                            • Suspicious use of SetThreadContext
                                            • Suspicious use of SetWindowsHookEx
                                            PID:9220
                                            • C:\Windows\jrmpyugxpxbq.exe
                                              C:\Windows\jrmpyugxpxbq.exe
                                              6⤵
                                              • Drops startup file
                                              • Adds Run key to start application
                                              • Drops file in Program Files directory
                                              • System Location Discovery: System Language Discovery
                                              • System policy modification
                                              PID:24564
                                              • C:\Windows\System32\wbem\WMIC.exe
                                                "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
                                                7⤵
                                                  PID:40308
                                                • C:\Windows\SysWOW64\NOTEPAD.EXE
                                                  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
                                                  7⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Opens file in notepad (likely ransom note)
                                                  PID:63216
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\JRMPYU~1.EXE
                                                  7⤵
                                                    PID:68560
                                              • C:\Windows\SysWOW64\cmd.exe
                                                "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00300\TR3A8A~1.EXE
                                                5⤵
                                                  PID:10692
                                            • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.kba-d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915.exe
                                              Trojan-Ransom.Win32.Bitman.kba-d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915.exe
                                              3⤵
                                              • Executes dropped EXE
                                              • Suspicious use of SetThreadContext
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                              • Suspicious use of SetWindowsHookEx
                                              PID:2600
                                              • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.kba-d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915.exe
                                                Trojan-Ransom.Win32.Bitman.kba-d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915.exe
                                                4⤵
                                                • Drops file in Windows directory
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:9720
                                                • C:\Windows\oubonwqeuail.exe
                                                  C:\Windows\oubonwqeuail.exe
                                                  5⤵
                                                  • Suspicious use of SetThreadContext
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:8724
                                                  • C:\Windows\oubonwqeuail.exe
                                                    C:\Windows\oubonwqeuail.exe
                                                    6⤵
                                                    • Adds Run key to start application
                                                    • System Location Discovery: System Language Discovery
                                                    • System policy modification
                                                    PID:22664
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00300\TRDBEB~1.EXE
                                                  5⤵
                                                    PID:10620
                                              • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.kmm-52a6bc011e4c7c6bd623df1b25051609b47a5c60f4d9e21ceaaec05f8ad6c4cb.exe
                                                Trojan-Ransom.Win32.Bitman.kmm-52a6bc011e4c7c6bd623df1b25051609b47a5c60f4d9e21ceaaec05f8ad6c4cb.exe
                                                3⤵
                                                • Executes dropped EXE
                                                • Suspicious use of SetThreadContext
                                                • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                PID:1044
                                                • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.kmm-52a6bc011e4c7c6bd623df1b25051609b47a5c60f4d9e21ceaaec05f8ad6c4cb.exe
                                                  Trojan-Ransom.Win32.Bitman.kmm-52a6bc011e4c7c6bd623df1b25051609b47a5c60f4d9e21ceaaec05f8ad6c4cb.exe
                                                  4⤵
                                                  • Drops file in Windows directory
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:8600
                                                  • C:\Windows\nedefcjogqiw.exe
                                                    C:\Windows\nedefcjogqiw.exe
                                                    5⤵
                                                    • Suspicious use of SetThreadContext
                                                    PID:10344
                                                    • C:\Windows\nedefcjogqiw.exe
                                                      C:\Windows\nedefcjogqiw.exe
                                                      6⤵
                                                      • Adds Run key to start application
                                                      • System Location Discovery: System Language Discovery
                                                      • System policy modification
                                                      PID:22140
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00300\TR83A9~1.EXE
                                                    5⤵
                                                      PID:9744
                                                • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.lfc-e249d7a44eda860d9c7f294096fc432f7c5bff3c7fbffc023d303b16cef81176.exe
                                                  Trojan-Ransom.Win32.Bitman.lfc-e249d7a44eda860d9c7f294096fc432f7c5bff3c7fbffc023d303b16cef81176.exe
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of SetThreadContext
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:828
                                                  • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.lfc-e249d7a44eda860d9c7f294096fc432f7c5bff3c7fbffc023d303b16cef81176.exe
                                                    Trojan-Ransom.Win32.Bitman.lfc-e249d7a44eda860d9c7f294096fc432f7c5bff3c7fbffc023d303b16cef81176.exe
                                                    4⤵
                                                    • Drops file in Windows directory
                                                    PID:19348
                                                    • C:\Windows\xhgigkxrvniw.exe
                                                      C:\Windows\xhgigkxrvniw.exe
                                                      5⤵
                                                      • Suspicious use of SetThreadContext
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:18604
                                                      • C:\Windows\xhgigkxrvniw.exe
                                                        C:\Windows\xhgigkxrvniw.exe
                                                        6⤵
                                                        • Adds Run key to start application
                                                        • System Location Discovery: System Language Discovery
                                                        • System policy modification
                                                        PID:37312
                                                    • C:\Windows\SysWOW64\cmd.exe
                                                      "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00300\TR6F72~1.EXE
                                                      5⤵
                                                        PID:19288
                                                  • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.nws-c26cfef66ca21ea663291a338f2306951b23bf15827b90bd10d28f22bd5c9c5e.exe
                                                    Trojan-Ransom.Win32.Bitman.nws-c26cfef66ca21ea663291a338f2306951b23bf15827b90bd10d28f22bd5c9c5e.exe
                                                    3⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetThreadContext
                                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:756
                                                    • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.nws-c26cfef66ca21ea663291a338f2306951b23bf15827b90bd10d28f22bd5c9c5e.exe
                                                      Trojan-Ransom.Win32.Bitman.nws-c26cfef66ca21ea663291a338f2306951b23bf15827b90bd10d28f22bd5c9c5e.exe
                                                      4⤵
                                                      • Drops file in Windows directory
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:8608
                                                      • C:\Windows\hvvtectumpkq.exe
                                                        C:\Windows\hvvtectumpkq.exe
                                                        5⤵
                                                        • Suspicious use of SetThreadContext
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:11984
                                                        • C:\Windows\hvvtectumpkq.exe
                                                          C:\Windows\hvvtectumpkq.exe
                                                          6⤵
                                                          • Loads dropped DLL
                                                          • Adds Run key to start application
                                                          • Drops file in Program Files directory
                                                          • System Location Discovery: System Language Discovery
                                                          • System policy modification
                                                          PID:24552
                                                          • C:\Users\Admin\Documents\rbten.exe
                                                            C:\Users\Admin\Documents\rbten.exe
                                                            7⤵
                                                              PID:24424
                                                              • C:\Windows\System32\vssadmin.exe
                                                                "C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet
                                                                8⤵
                                                                • Interacts with shadow copies
                                                                PID:32044
                                                        • C:\Windows\SysWOW64\cmd.exe
                                                          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00300\TR323C~1.EXE
                                                          5⤵
                                                            PID:12112
                                                      • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.pre-6e7c24727b20f2a1a79bb3ccc41493eed829ef79976310030d714bec8b15fbcb.exe
                                                        Trojan-Ransom.Win32.Bitman.pre-6e7c24727b20f2a1a79bb3ccc41493eed829ef79976310030d714bec8b15fbcb.exe
                                                        3⤵
                                                        • Executes dropped EXE
                                                        • Drops file in Windows directory
                                                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:924
                                                        • C:\Windows\nrjwfxqsgnti.exe
                                                          C:\Windows\nrjwfxqsgnti.exe
                                                          4⤵
                                                          • Drops startup file
                                                          • Executes dropped EXE
                                                          • Adds Run key to start application
                                                          • Drops file in Program Files directory
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          • System policy modification
                                                          PID:2196
                                                          • C:\Windows\System32\wbem\WMIC.exe
                                                            "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
                                                            5⤵
                                                              PID:3688
                                                            • C:\Windows\SysWOW64\NOTEPAD.EXE
                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_ReCoVeRy_.TXT
                                                              5⤵
                                                              • Opens file in notepad (likely ransom note)
                                                              PID:43764
                                                            • C:\Windows\System32\wbem\WMIC.exe
                                                              "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
                                                              5⤵
                                                                PID:48572
                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\NRJWFX~1.EXE
                                                                5⤵
                                                                  PID:50760
                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00300\TR685F~1.EXE
                                                                4⤵
                                                                  PID:3952
                                                              • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.qkb-0509dc1e220ace6698b2df8246210e750659cdc00a1926024342727d7a4d599e.exe
                                                                Trojan-Ransom.Win32.Bitman.qkb-0509dc1e220ace6698b2df8246210e750659cdc00a1926024342727d7a4d599e.exe
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                PID:2100
                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 36
                                                                  4⤵
                                                                  • Loads dropped DLL
                                                                  • Program crash
                                                                  PID:3856
                                                              • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.ue-794cc0a6f34528e914db6c31defd2b14f38e6d4d281b7b5725f5d7aa18299053.exe
                                                                Trojan-Ransom.Win32.Bitman.ue-794cc0a6f34528e914db6c31defd2b14f38e6d4d281b7b5725f5d7aa18299053.exe
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • Suspicious use of SetThreadContext
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                PID:2504
                                                                • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.ue-794cc0a6f34528e914db6c31defd2b14f38e6d4d281b7b5725f5d7aa18299053.exe
                                                                  C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.ue-794cc0a6f34528e914db6c31defd2b14f38e6d4d281b7b5725f5d7aa18299053.exe
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:2604
                                                                  • C:\Users\Admin\AppData\Roaming\svcqlj.exe
                                                                    C:\Users\Admin\AppData\Roaming\svcqlj.exe
                                                                    5⤵
                                                                    • Suspicious use of SetThreadContext
                                                                    PID:9556
                                                                    • C:\Users\Admin\AppData\Roaming\svcqlj.exe
                                                                      C:\Users\Admin\AppData\Roaming\svcqlj.exe
                                                                      6⤵
                                                                      • Adds Run key to start application
                                                                      • Drops file in Program Files directory
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Modifies data under HKEY_USERS
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      • System policy modification
                                                                      PID:10680
                                                                      • C:\Windows\System32\vssadmin.exe
                                                                        "C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet
                                                                        7⤵
                                                                        • Interacts with shadow copies
                                                                        PID:16716
                                                                      • C:\Windows\SysWOW64\NOTEPAD.EXE
                                                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\HELP_RESTORE_FILES.TXT
                                                                        7⤵
                                                                        • Opens file in notepad (likely ransom note)
                                                                        PID:28752
                                                                      • C:\Windows\System32\vssadmin.exe
                                                                        "C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet
                                                                        7⤵
                                                                        • Interacts with shadow copies
                                                                        PID:37124
                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\HELP_RESTORE_FILES.HTML
                                                                        7⤵
                                                                        • Modifies Internet Explorer settings
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:36488
                                                                        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:36488 CREDAT:275457 /prefetch:2
                                                                          8⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Modifies Internet Explorer settings
                                                                          PID:42532
                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                        "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Roaming\svcqlj.exe >> NUL
                                                                        7⤵
                                                                          PID:48524
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\Desktop\00300\TR0460~1.EXE >> NUL
                                                                      5⤵
                                                                        PID:9040
                                                                  • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Blocker.meia-57c58acac2c3dc6f92cda36758a042015808674df4f3bfaf3b53044afa433057.exe
                                                                    Trojan-Ransom.Win32.Blocker.meia-57c58acac2c3dc6f92cda36758a042015808674df4f3bfaf3b53044afa433057.exe
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Adds Run key to start application
                                                                    • Suspicious use of SetThreadContext
                                                                    • System Location Discovery: System Language Discovery
                                                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                    • Suspicious behavior: MapViewOfSection
                                                                    PID:880
                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                      "C:\Windows\system32\explorer.exe"
                                                                      4⤵
                                                                      • Suspicious behavior: MapViewOfSection
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:2212
                                                                  • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Foreign.ggoa-43356fa28c91f759cd21038566d2404cefdb94f27c6b877b41173bc17080afec.exe
                                                                    Trojan-Ransom.Win32.Foreign.ggoa-43356fa28c91f759cd21038566d2404cefdb94f27c6b877b41173bc17080afec.exe
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                    • System Location Discovery: System Language Discovery
                                                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                    • Suspicious behavior: MapViewOfSection
                                                                    PID:2424
                                                                  • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Foreign.ljru-471b672db91c19b8d71e61d2760303ad1b7e16b47a631b573e46bb5a775e7916.exe
                                                                    Trojan-Ransom.Win32.Foreign.ljru-471b672db91c19b8d71e61d2760303ad1b7e16b47a631b573e46bb5a775e7916.exe
                                                                    3⤵
                                                                    • Looks for VirtualBox Guest Additions in registry
                                                                    • Looks for VMWare Tools registry key
                                                                    • Checks BIOS information in registry
                                                                    • Executes dropped EXE
                                                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                    PID:2896
                                                                  • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Foreign.nonl-a6c25448cd8f87757636d291d26abb80a290d5c731cd681ba1e4f315ecfc269c.exe
                                                                    Trojan-Ransom.Win32.Foreign.nonl-a6c25448cd8f87757636d291d26abb80a290d5c731cd681ba1e4f315ecfc269c.exe
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                    PID:268
                                                                  • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Foreign.npcc-b939eae084920a1b19cdb837b759c229ee96e1ce4aee8e2650d1a7c8c6defe4b.exe
                                                                    Trojan-Ransom.Win32.Foreign.npcc-b939eae084920a1b19cdb837b759c229ee96e1ce4aee8e2650d1a7c8c6defe4b.exe
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Adds Run key to start application
                                                                    • System Location Discovery: System Language Discovery
                                                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                    PID:1320
                                                                  • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Gen.fqz-32daab62cd25eafa980c7ad6bff854d2cd214ae1a185fa3a9549e6be655d1f35.exe
                                                                    Trojan-Ransom.Win32.Gen.fqz-32daab62cd25eafa980c7ad6bff854d2cd214ae1a185fa3a9549e6be655d1f35.exe
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Enumerates connected drives
                                                                    • System Location Discovery: System Language Discovery
                                                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                    • Suspicious use of FindShellTrayWindow
                                                                    • Suspicious use of SendNotifyMessage
                                                                    PID:2732
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\Documents and Settings\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\.exe
                                                                      4⤵
                                                                        PID:11396
                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\how_to_decrypt_files.html.exe
                                                                        4⤵
                                                                          PID:16740
                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\Aczv8rkJMB.82ac.exe
                                                                          4⤵
                                                                            PID:19480
                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\asasin-aa52.htm.exe
                                                                            4⤵
                                                                              PID:3148
                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\FQcwFqmw5a.82ac.exe
                                                                              4⤵
                                                                                PID:26368
                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\Giwu--vK6X.82ac.exe
                                                                                4⤵
                                                                                  PID:34568
                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\gQQaqYw3R5.82ac.exe
                                                                                  4⤵
                                                                                    PID:37412
                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\help_restore_files_vhfto.html.exe
                                                                                    4⤵
                                                                                      PID:36504
                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\help_restore_files_vhfto.txt.exe
                                                                                      4⤵
                                                                                        PID:40876
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\HL7v8boljt.82ac.exe
                                                                                        4⤵
                                                                                          PID:33404
                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\TYW5G47B-9AF8-S1NJ-53B9EACA-4A912FF549E9.asasin.exe
                                                                                          4⤵
                                                                                            PID:40016
                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\TYW5G47B-9AF8-S1NJ-876D47FB-F9A96922BCC4.asasin.exe
                                                                                            4⤵
                                                                                              PID:47936
                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\_README_K11W9Z2_.hta.exe
                                                                                              4⤵
                                                                                                PID:47368
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\1RsMZew62n.82ac.exe
                                                                                                4⤵
                                                                                                  PID:48812
                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\asasin-bcd6.htm.exe
                                                                                                  4⤵
                                                                                                    PID:49140
                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\CP5vSnauhF.82ac.exe
                                                                                                    4⤵
                                                                                                      PID:49032
                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\help_restore_files_vhfto.txt.mp3.exe
                                                                                                      4⤵
                                                                                                        PID:48456
                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\IQSqRD8inG.82ac.exe
                                                                                                        4⤵
                                                                                                          PID:48832
                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.exe
                                                                                                          4⤵
                                                                                                            PID:55564
                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe.exe
                                                                                                            4⤵
                                                                                                              PID:59816
                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.exe
                                                                                                              4⤵
                                                                                                                PID:48152
                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.exe
                                                                                                                4⤵
                                                                                                                  PID:59852
                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Recovery+kyygd.html.exe
                                                                                                                  4⤵
                                                                                                                    PID:60988
                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Recovery+kyygd.png.exe
                                                                                                                    4⤵
                                                                                                                      PID:61184
                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Recovery+kyygd.txt.exe
                                                                                                                      4⤵
                                                                                                                        PID:61972
                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Recovery+oilvv.html.exe
                                                                                                                        4⤵
                                                                                                                          PID:62152
                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Recovery+oilvv.png.exe
                                                                                                                          4⤵
                                                                                                                            PID:62972
                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Recovery+oilvv.txt.exe
                                                                                                                            4⤵
                                                                                                                              PID:62800
                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe.exe
                                                                                                                              4⤵
                                                                                                                                PID:64140
                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\TYW5G47B-9AF8-S1NJ-028BC579-C6CE9458861C.asasin.exe
                                                                                                                                4⤵
                                                                                                                                  PID:63544
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\TYW5G47B-9AF8-S1NJ-E4B1E2E5-A86753A21DC4.asasin.exe
                                                                                                                                  4⤵
                                                                                                                                    PID:65168
                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\TYW5G70E-9AF8-S187-515F8AC5-FB4B908F5C3B.lukitus.exe
                                                                                                                                    4⤵
                                                                                                                                      PID:65200
                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\TYW5G70E-9AF8-S187-925639DC-329A6BE36E7E.lukitus.exe
                                                                                                                                      4⤵
                                                                                                                                        PID:65036
                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\TYW5G70E-9AF8-S187-BDC81C53-73B841301F38.lukitus.exe
                                                                                                                                        4⤵
                                                                                                                                          PID:66332
                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\TYW5GUFU-9AF8-SADT-653DC077-5929F44A70C5.asasin.exe
                                                                                                                                          4⤵
                                                                                                                                            PID:65904
                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\yEKKVyO0pD.82ac.exe
                                                                                                                                            4⤵
                                                                                                                                              PID:66728
                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\_README_Y5V73U_.hta.exe
                                                                                                                                              4⤵
                                                                                                                                                PID:67740
                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\4nB98tf3k3.82ac.exe
                                                                                                                                                4⤵
                                                                                                                                                  PID:67672
                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\asasin-6e06.htm.exe
                                                                                                                                                  4⤵
                                                                                                                                                    PID:68032
                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.exe
                                                                                                                                                    4⤵
                                                                                                                                                      PID:67420
                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\help_restore_files_vhfto.txt.mp3.exe
                                                                                                                                                      4⤵
                                                                                                                                                        PID:72508
                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\how_recover+hhs.html.exe
                                                                                                                                                        4⤵
                                                                                                                                                          PID:70992
                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\how_recover+hhs.txt.exe
                                                                                                                                                          4⤵
                                                                                                                                                            PID:73492
                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                                                                                                                                              "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe"
                                                                                                                                                              5⤵
                                                                                                                                                                PID:71304
                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\M82RRS8XeQ.82ac.exe
                                                                                                                                                              4⤵
                                                                                                                                                                PID:73016
                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+kyygd.html.exe
                                                                                                                                                                4⤵
                                                                                                                                                                  PID:69044
                                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe"
                                                                                                                                                                    5⤵
                                                                                                                                                                      PID:19708
                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+kyygd.png.exe
                                                                                                                                                                    4⤵
                                                                                                                                                                      PID:74672
                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+kyygd.txt.exe
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:73692
                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+oilvv.html.exe
                                                                                                                                                                        4⤵
                                                                                                                                                                          PID:74732
                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+oilvv.png.exe
                                                                                                                                                                          4⤵
                                                                                                                                                                            PID:79152
                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+oilvv.txt.exe
                                                                                                                                                                            4⤵
                                                                                                                                                                              PID:80424
                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\TYW5G47B-9AF8-S1NJ-4324D70D-E699B305790F.asasin.exe
                                                                                                                                                                              4⤵
                                                                                                                                                                                PID:83020
                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\TYW5G47B-9AF8-S1NJ-90894203-A0D02B0991ED.asasin.exe
                                                                                                                                                                                4⤵
                                                                                                                                                                                  PID:83656
                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\TYW5G70E-9AF8-S187-9BC074EF-CA52D9AE9655.lukitus.exe
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:83616
                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\TYW5G70E-9AF8-S187-B220D8D7-B72BECCB7250.lukitus.exe
                                                                                                                                                                                    4⤵
                                                                                                                                                                                      PID:83916
                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\TYW5GUFU-9AF8-SADT-508F9474-3012BC039A92.asasin.exe
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:83584
                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\uhOcPddIVC.82ac.exe
                                                                                                                                                                                        4⤵
                                                                                                                                                                                          PID:77272
                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\YiExzZPtZt.82ac.exe
                                                                                                                                                                                          4⤵
                                                                                                                                                                                            PID:69544
                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_README_NUNQDD_.hta.exe
                                                                                                                                                                                            4⤵
                                                                                                                                                                                              PID:33500
                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\asasin-d679.htm.exe
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:81348
                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\f3QSzJS-Zg.82ac.exe
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                  PID:49148
                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\lEqaA4LSS3.82ac.exe
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:83784
                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.exe
                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                      PID:82592
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                                                                                                                                                                                        "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe"
                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                          PID:83932
                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\SrsTBF0S5v.82ac.exe
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                          PID:83040
                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5G47B-9AF8-S1NJ-69A6BF47-259712265199.asasin.exe
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:83408
                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5G47B-9AF8-S1NJ-E1E6C00E-3F47244EC991.asasin.exe
                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                              PID:83316
                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5G70E-9AF8-S187-5666F9BC-A72F2243435B.lukitus.exe
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                PID:81624
                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5G70E-9AF8-S187-A3B6A67E-E7A75C4204C8.lukitus.exe
                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                  PID:48248
                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-544F5369-3AF97E5B7628.asasin.exe
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                    PID:48616
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-5A905F8C-80B84E3BC109.asasin.exe
                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                      PID:83324
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe"
                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                          PID:83336
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-8E50887E-EE3AF540096C.asasin.exe
                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                          PID:2704
                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-A93EBCE2-E0FC337662BA.asasin.exe
                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                            PID:83892
                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe"
                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                PID:82084
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-A9DDE1BB-5A4C992F749A.asasin.exe
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                PID:40436
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-B216564F-3C342CCA277D.asasin.exe
                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                  PID:83956
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-DB9C9DC9-365FC76EEAAD.asasin.exe
                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                    PID:3188
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-E0915440-AFE7AFC51EF4.asasin.exe
                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                      PID:83840
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-F9BE2FA0-E996134127D1.asasin.exe
                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                        PID:83656
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\TYW5GUFU-9AF8-SADT-4B9E2299-3FA945143F67.asasin.exe
                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                          PID:77912
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\v5ZZpdFIl3.82ac.exe
                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                            PID:82824
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\_README_4VJ4X_.hta.exe
                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                              PID:83556
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\asasin-41bc.htm.exe
                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                PID:61744
                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe"
                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                    PID:83956
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\lOFGrgoK9R.82ac.exe
                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                    PID:83364
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.exe
                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                      PID:83680
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\Ssh0poR1cm.82ac.exe
                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                        PID:82844
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                        cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5G47B-9AF8-S1NJ-88C095C1-45D11A6013D7.asasin.exe
                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                          PID:61784
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5G47B-9AF8-S1NJ-9243CD6C-97CB75A88C60.asasin.exe
                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                            PID:66652
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5G70E-9AF8-S187-14ECF15B-1186BBCFEA2F.lukitus.exe
                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                              PID:68824
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5G70E-9AF8-S187-EAEFB106-3F1FB16B06A4.lukitus.exe
                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                PID:68632
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-05410C90-F0EE35B523BA.asasin.exe
                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                  PID:11008
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                  cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-1D50B8F3-DF22B1C0BA04.asasin.exe
                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                    PID:36748
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                    cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-1DA36F50-93905D4584CB.asasin.exe
                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                      PID:83716
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-251F3920-2DF040F8C0A7.asasin.exe
                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                        PID:59940
                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe"
                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                            PID:30308
                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-3B4F535A-AC3B9B81095F.asasin.exe
                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                            PID:83456
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                            cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-62B4D703-09A797D8C95E.asasin.exe
                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                              PID:74372
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                              cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-7FF744D3-60B9C13A379D.asasin.exe
                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                PID:83500
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                cmd /c copy /b C:\Users\Admin\AppData\Local\Temp\7zs.sfx + C:\Users\Admin\AppData\Local\Temp\config.txt + C:\Users\Admin\AppData\Local\Temp\installer.7z c:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\TYW5GUFQ-9AF8-SNFS-9B19F40E-475C874F04D3.asasin.exe
                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                  PID:568
                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe"
                                                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                                                      PID:2244
                                                                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.abeb-c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3.exe
                                                                                                                                                                                                                                                                                  Trojan-Ransom.Win32.Locky.abeb-c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3.exe
                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                                  • Sets desktop wallpaper using registry
                                                                                                                                                                                                                                                                                  • Modifies Control Panel
                                                                                                                                                                                                                                                                                  • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                  PID:1800
                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\asasin.htm
                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                    • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                    PID:19168
                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:19168 CREDAT:275457 /prefetch:2
                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                      PID:22632
                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:19168 CREDAT:472069 /prefetch:2
                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                      PID:41020
                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:19168 CREDAT:5780482 /prefetch:2
                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                      PID:60436
                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:19168 CREDAT:5649410 /prefetch:2
                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                      PID:56336
                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:19168 CREDAT:5518338 /prefetch:2
                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                      PID:62240
                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:19168 CREDAT:3552272 /prefetch:2
                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                        PID:72404
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sys79E1.tmp"
                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                        PID:40772
                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.abfp-1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6.exe
                                                                                                                                                                                                                                                                                      Trojan-Ransom.Win32.Locky.abfp-1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6.exe
                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                      • Sets desktop wallpaper using registry
                                                                                                                                                                                                                                                                                      • Modifies Control Panel
                                                                                                                                                                                                                                                                                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                      PID:1780
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                        cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sys697D.tmp"
                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                          PID:40572
                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.abgv-cfa555527bae829733f72c3c04fe74eef0ed196cd00d2a2e2ee92a987503dc39.exe
                                                                                                                                                                                                                                                                                        Trojan-Ransom.Win32.Locky.abgv-cfa555527bae829733f72c3c04fe74eef0ed196cd00d2a2e2ee92a987503dc39.exe
                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                        • Sets desktop wallpaper using registry
                                                                                                                                                                                                                                                                                        • Modifies Control Panel
                                                                                                                                                                                                                                                                                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                        PID:1812
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                          cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sysCBE7.tmp"
                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                            PID:48204
                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.afiy-4880ec5ee1b15232a6631dd80cc4d766ed62c3bf54f54bc32d2bcb0d593e1235.exe
                                                                                                                                                                                                                                                                                          Trojan-Ransom.Win32.Locky.afiy-4880ec5ee1b15232a6631dd80cc4d766ed62c3bf54f54bc32d2bcb0d593e1235.exe
                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                          • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                          PID:2932
                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                            cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sys4B05.tmp"
                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                              PID:83296
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.bil-6f1b3c48f263289c8de3ea1bf4b173feaa502db8ed84f4943f4a049071084aee.exe
                                                                                                                                                                                                                                                                                            Trojan-Ransom.Win32.Locky.bil-6f1b3c48f263289c8de3ea1bf4b173feaa502db8ed84f4943f4a049071084aee.exe
                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                            PID:1548
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.dl-e9990ccae658bcecca6a7b52251ef55b3298d9f46c55e92dea0363398b7d6c41.exe
                                                                                                                                                                                                                                                                                            Trojan-Ransom.Win32.Locky.dl-e9990ccae658bcecca6a7b52251ef55b3298d9f46c55e92dea0363398b7d6c41.exe
                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                                                                                                            PID:2628
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.zmi-f8e7dde2601ebeb7e30af4c54016223f1c42298176e1f2f5c4945ca6b8b88317.exe
                                                                                                                                                                                                                                                                                            Trojan-Ransom.Win32.Locky.zmi-f8e7dde2601ebeb7e30af4c54016223f1c42298176e1f2f5c4945ca6b8b88317.exe
                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                            PID:1712
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Purgen.rd-2138058fcd95620d254930f3d3df8def00ce8b696491b115635bcbd5fc8a2b91.exe
                                                                                                                                                                                                                                                                                            Trojan-Ransom.Win32.Purgen.rd-2138058fcd95620d254930f3d3df8def00ce8b696491b115635bcbd5fc8a2b91.exe
                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                            • Drops desktop.ini file(s)
                                                                                                                                                                                                                                                                                            • Drops file in Program Files directory
                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                            • Suspicious behavior: RenamesItself
                                                                                                                                                                                                                                                                                            PID:2480
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /F /T /PID 784
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                              PID:2024
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /F /T /PID 1044
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                              PID:2080
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /F /T /PID 2896
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                              PID:2372
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /F /T /PID 660
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                              PID:1624
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /F /T /PID 268
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                              PID:2900
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /F /T /PID 1320
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                              PID:1576
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /F /T /PID 1712
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                              PID:2252
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /F /T /PID 3052
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                              PID:552
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /F /T /PID 1984
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                              PID:2164
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.SageCrypt.dze-ffb3ff1308d4ec8ef1f9c949cb508926aafd1fa63ad86890dd420836bd614963.exe
                                                                                                                                                                                                                                                                                            Trojan-Ransom.Win32.SageCrypt.dze-ffb3ff1308d4ec8ef1f9c949cb508926aafd1fa63ad86890dd420836bd614963.exe
                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                            • Modifies data under HKEY_USERS
                                                                                                                                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                                                                                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                            • Suspicious behavior: MapViewOfSection
                                                                                                                                                                                                                                                                                            PID:2096
                                                                                                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.SageCrypt.dze-ffb3ff1308d4ec8ef1f9c949cb508926aafd1fa63ad86890dd420836bd614963.exe
                                                                                                                                                                                                                                                                                              "C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.SageCrypt.dze-ffb3ff1308d4ec8ef1f9c949cb508926aafd1fa63ad86890dd420836bd614963.exe" g
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                              PID:1512
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                              "C:\Windows\System32\schtasks.exe" /CREATE /TN "a2Bbyxpt" /TR "C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.SageCrypt.dze-ffb3ff1308d4ec8ef1f9c949cb508926aafd1fa63ad86890dd420836bd614963.exe" /SC ONLOGON /RL HIGHEST /F
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                              • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                              PID:3168
                                                                                                                                                                                                                                                                                            • C:\Windows\syswow64\explorer.exe
                                                                                                                                                                                                                                                                                              "C:\Windows\syswow64\explorer.exe"
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • Enumerates connected drives
                                                                                                                                                                                                                                                                                              • Sets desktop wallpaper using registry
                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                              • Modifies data under HKEY_USERS
                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                              • Suspicious behavior: MapViewOfSection
                                                                                                                                                                                                                                                                                              PID:5900
                                                                                                                                                                                                                                                                                              • C:\Windows\syswow64\explorer.exe
                                                                                                                                                                                                                                                                                                "C:\Windows\syswow64\explorer.exe"
                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                PID:11048
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                "C:\Windows\System32\cmd.exe" /C vssadmin.exe delete shadows /all /quiet
                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                  PID:16704
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete
                                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                                    PID:17188
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
                                                                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                                                                      PID:18124
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\cmd.exe" /C vssadmin.exe delete shadows /all /quiet
                                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                                        PID:17772
                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete
                                                                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                                                                          PID:38828
                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
                                                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                                                            PID:40680
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\cmd.exe" /C vssadmin.exe delete shadows /all /quiet
                                                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                                                              PID:1804
                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete
                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                PID:41244
                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                  PID:42024
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\mshta.exe
                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\!HELP_SOS.hta"
                                                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                  PID:62340
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WScript.exe
                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\f1.vbs"
                                                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                  PID:61616
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\schtasks.exe" /DELETE /TN /F "a2Bbyxpt"
                                                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                  PID:60856
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WScript.exe
                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\f1256447689.vbs"
                                                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                                                    PID:65440
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\cmd.exe" /C vssadmin.exe delete shadows /all /quiet
                                                                                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                                                                                      PID:65172
                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete
                                                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                                                        PID:65048
                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
                                                                                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                                                                                          PID:48792
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Shade.nyw-2d19fa4ce090239534ab152bdf941674d41e6fc532d95103a664c73cf085c658.exe
                                                                                                                                                                                                                                                                                                                      Trojan-Ransom.Win32.Shade.nyw-2d19fa4ce090239534ab152bdf941674d41e6fc532d95103a664c73cf085c658.exe
                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                                                      PID:2344
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Shade.nyw-2d19fa4ce090239534ab152bdf941674d41e6fc532d95103a664c73cf085c658.exe
                                                                                                                                                                                                                                                                                                                        Trojan-Ransom.Win32.Shade.nyw-2d19fa4ce090239534ab152bdf941674d41e6fc532d95103a664c73cf085c658.exe
                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                        PID:3808
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Wanna.c-96ced32b262d8805a5cf748ae1c9d7bf03bd4896cf349153886bc020f430f395.exe
                                                                                                                                                                                                                                                                                                                      Trojan-Ransom.Win32.Wanna.c-96ced32b262d8805a5cf748ae1c9d7bf03bd4896cf349153886bc020f430f395.exe
                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                      PID:3052
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Wanna.m-0a00aa4c6f60e7d2f19da6d9f6aaca1119541f7cd15a340eb03fccc341cbf5c7.exe
                                                                                                                                                                                                                                                                                                                      Trojan-Ransom.Win32.Wanna.m-0a00aa4c6f60e7d2f19da6d9f6aaca1119541f7cd15a340eb03fccc341cbf5c7.exe
                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                                                      PID:1984
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Wanna.zbu-0b824f863d1cbe4fcc403bbef23aaa27197d7998911f30845f0a75b5c7287949.exe
                                                                                                                                                                                                                                                                                                                      Trojan-Ransom.Win32.Wanna.zbu-0b824f863d1cbe4fcc403bbef23aaa27197d7998911f30845f0a75b5c7287949.exe
                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                      PID:552
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Zerber.apff-be027e4c5170dd074b2901a248d8c732751873b24a2d5a809c43a6f866553cc9.exe
                                                                                                                                                                                                                                                                                                                      Trojan-Ransom.Win32.Zerber.apff-be027e4c5170dd074b2901a248d8c732751873b24a2d5a809c43a6f866553cc9.exe
                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                                                      PID:1796
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Zerber.gnq-bae1ff6cff01d4afe6878036ae3ae40126fe4e5851e0943a57739d52f489e01a.exe
                                                                                                                                                                                                                                                                                                                      Trojan-Ransom.Win32.Zerber.gnq-bae1ff6cff01d4afe6878036ae3ae40126fe4e5851e0943a57739d52f489e01a.exe
                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                                                      PID:2472
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Zerber.gnq-bae1ff6cff01d4afe6878036ae3ae40126fe4e5851e0943a57739d52f489e01a.exe
                                                                                                                                                                                                                                                                                                                        Trojan-Ransom.Win32.Zerber.gnq-bae1ff6cff01d4afe6878036ae3ae40126fe4e5851e0943a57739d52f489e01a.exe
                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                        • Adds policy Run key to start application
                                                                                                                                                                                                                                                                                                                        • Drops startup file
                                                                                                                                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                        • Modifies Control Panel
                                                                                                                                                                                                                                                                                                                        PID:17024
                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                          /d /c taskkill /t /f /im "Trojan-Ransom.Win32.Zerber.gnq-bae1ff6cff01d4afe6878036ae3ae40126fe4e5851e0943a57739d52f489e01a.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Zerber.gnq-bae1ff6cff01d4afe6878036ae3ae40126fe4e5851e0943a57739d52f489e01a.exe" > NUL
                                                                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                                                                                                                                                                                          PID:20380
                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\DisplaySwitch.exe
                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\DisplaySwitch.exe"
                                                                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                          PID:24516
                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\DisplaySwitch.exe
                                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\DisplaySwitch.exe"
                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                            PID:60936
                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\vssadmin.exe
                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\vssadmin.exe" delete shadows /all /quiet
                                                                                                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                                                                                                              • Interacts with shadow copies
                                                                                                                                                                                                                                                                                                                              PID:62348
                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\wbem\wmic.exe
                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
                                                                                                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                                                                                                                PID:59208
                                                                                                                                                                                                                                                                                                                              • C:\Windows\System32\bcdedit.exe
                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\bcdedit.exe" /set {default} recoveryenabled no
                                                                                                                                                                                                                                                                                                                                7⤵
                                                                                                                                                                                                                                                                                                                                • Modifies boot configuration data using bcdedit
                                                                                                                                                                                                                                                                                                                                PID:68408
                                                                                                                                                                                                                                                                                                                              • C:\Windows\System32\bcdedit.exe
                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\bcdedit.exe" /set {default} bootstatuspolicy ignoreallfailures
                                                                                                                                                                                                                                                                                                                                7⤵
                                                                                                                                                                                                                                                                                                                                • Modifies boot configuration data using bcdedit
                                                                                                                                                                                                                                                                                                                                PID:71336
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                            /d /c taskkill /t /f /im "Trojan-Ransom.Win32.Zerber.gnq-bae1ff6cff01d4afe6878036ae3ae40126fe4e5851e0943a57739d52f489e01a.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Zerber.gnq-bae1ff6cff01d4afe6878036ae3ae40126fe4e5851e0943a57739d52f489e01a.exe" > NUL
                                                                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                                                                            • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                                                                                                                                                                                            PID:37676
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Zerber.lit-0df49f7541f1576a7fe6de6468ef3b3a5c1518de1376a1bd0165fbd8db47c517.exe
                                                                                                                                                                                                                                                                                                                        Trojan-Ransom.Win32.Zerber.lit-0df49f7541f1576a7fe6de6468ef3b3a5c1518de1376a1bd0165fbd8db47c517.exe
                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                                                        PID:1580
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Zerber.tju-a4522dc65d5455cc384f8c9abff3a8b382f45d05854339b54e7bb84cd4d11662.exe
                                                                                                                                                                                                                                                                                                                        Trojan-Ransom.Win32.Zerber.tju-a4522dc65d5455cc384f8c9abff3a8b382f45d05854339b54e7bb84cd4d11662.exe
                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                                                        • Suspicious behavior: MapViewOfSection
                                                                                                                                                                                                                                                                                                                        PID:1604
                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Zerber.tju-a4522dc65d5455cc384f8c9abff3a8b382f45d05854339b54e7bb84cd4d11662.exe
                                                                                                                                                                                                                                                                                                                          Trojan-Ransom.Win32.Zerber.tju-a4522dc65d5455cc384f8c9abff3a8b382f45d05854339b54e7bb84cd4d11662.exe
                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                          PID:2952
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Zerber.uie-9ff1921b0e3934630adb6551b9034fa3cc7f6c1bc4b09aa4211330ba427f663d.exe
                                                                                                                                                                                                                                                                                                                        Trojan-Ransom.Win32.Zerber.uie-9ff1921b0e3934630adb6551b9034fa3cc7f6c1bc4b09aa4211330ba427f663d.exe
                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                                                                                                                                                                                                                        • Suspicious behavior: MapViewOfSection
                                                                                                                                                                                                                                                                                                                        PID:1608
                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Zerber.uie-9ff1921b0e3934630adb6551b9034fa3cc7f6c1bc4b09aa4211330ba427f663d.exe
                                                                                                                                                                                                                                                                                                                          Trojan-Ransom.Win32.Zerber.uie-9ff1921b0e3934630adb6551b9034fa3cc7f6c1bc4b09aa4211330ba427f663d.exe
                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                          PID:3208
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00300\VHO-Trojan-Ransom.Win32.Blocker.gen-96e77f4c1d8c933f43fe68eabf24b15c0fa5f9f6ebb8bf578bedaab97f952f5d.exe
                                                                                                                                                                                                                                                                                                                        VHO-Trojan-Ransom.Win32.Blocker.gen-96e77f4c1d8c933f43fe68eabf24b15c0fa5f9f6ebb8bf578bedaab97f952f5d.exe
                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                        PID:2648
                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
                                                                                                                                                                                                                                                                                                                          dw20.exe -x -s 504
                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                                                                          PID:3132
                                                                                                                                                                                                                                                                                                                    • C:\Windows\syswow64\svchost.exe
                                                                                                                                                                                                                                                                                                                      "C:\Windows\syswow64\svchost.exe"
                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                      PID:3680
                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\taskmgr.exe
                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                        PID:82848
                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                        PID:836
                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                        \??\C:\Windows\system32\conhost.exe "-20017008491105034691-21224657361234797411469661128-161029695-4820055135897832"
                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                          PID:1756
                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "138648295418865237591293425216-1381115008-14878031412754431611682966700229695755"
                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                          PID:988
                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "-141737357314165324201127829853523689929207945043220911538025123900191268913090"
                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                          PID:2404
                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "1849023059563666038-1160446837-719678223-1180054901-473406956-156918958190147052"
                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                          PID:760
                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                            PID:2236
                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                            \??\C:\Windows\system32\conhost.exe "171089643616778712931619127455-663191679549350149-681472285-1189308744461662851"
                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                              PID:2128
                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                              \??\C:\Windows\system32\conhost.exe "57857648-1704617555-1398079375-1063138629-597541562-1696735297-346672933-1095475034"
                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                PID:2356
                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                \??\C:\Windows\system32\conhost.exe "427988645155072374216390744911715484189860275254-3843233061100677256-1783424943"
                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                  PID:2228
                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "72043324372390917-209887598-1709627147-1999774028942480537-1557238753426179436"
                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                    PID:532
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "-1288443420-1488044218-8671244558014107-868751982-1134499165-136440111-208178595"
                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                      PID:3060
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                      \??\C:\Windows\system32\conhost.exe "-23067875014723564731373642816663349850-666776910-532946811275004704-1174404718"
                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                        PID:1728
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                        \??\C:\Windows\system32\conhost.exe "-20189899784530611515906413865357705795933921521657779879-15868732481068214808"
                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                          PID:1616
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "-1094664074-470497623360677965-658870789-1145422474-672181247390616723994245559"
                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                            PID:1784
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                            \??\C:\Windows\system32\conhost.exe "7344253462044712104-850207771-11898653531738114525-269177766-1204377137-1405474675"
                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                              PID:2872
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                              \??\C:\Windows\system32\conhost.exe "1568649916-1262890878-16211642492088472240-31590330-2033969299-433658938-603883867"
                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                PID:2796
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                PID:3908
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\taskeng.exe
                                                                                                                                                                                                                                                                                                                                                taskeng.exe {611BDB41-E6F3-4406-B201-F9B7CCDC4BEA} S-1-5-18:NT AUTHORITY\System:Service:
                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                  PID:3672
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\vssadmin.exe
                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\vssadmin.exe Delete Shadows /Quiet /All
                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                    • Interacts with shadow copies
                                                                                                                                                                                                                                                                                                                                                    PID:3788
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\vssadmin.exe
                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\vssadmin.exe Delete Shadows /Quiet /All
                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                    • Interacts with shadow copies
                                                                                                                                                                                                                                                                                                                                                    PID:19952
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "1377698282-378786201417765756-1326970837-66406510-458481443-1386396349-1030132358"
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                  PID:1424
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                                                                                                  PID:3428
                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Wanna.m-0a00aa4c6f60e7d2f19da6d9f6aaca1119541f7cd15a340eb03fccc341cbf5c7.exe
                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Wanna.m-0a00aa4c6f60e7d2f19da6d9f6aaca1119541f7cd15a340eb03fccc341cbf5c7.exe -m security
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                  • Modifies data under HKEY_USERS
                                                                                                                                                                                                                                                                                                                                                  PID:3468
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "-346484913-1951227661-96267343829671470652901940142865352995296141509157207"
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                  PID:3724
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "-404124501-681192578-366570477-785769518-310712422-12997517041137289901-767473677"
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                  PID:3120
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "-2085721173-513051821389617413-1762498263929721599-17884182871768403622198887865"
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                  PID:1980
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "803703420-1485550942-554955392-1396395641-141286594751570105-317896671142550957"
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                  PID:9348
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "-11379497131736177661-263062269-132854146526344128511214528981878398114-1806040518"
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                    PID:11524
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "-402764019687963750-2980204512827819371162214145-1903006975-772976023209643329"
                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                      PID:12248
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                      \??\C:\Windows\system32\conhost.exe "1962647787752584696-1674513637753763879-551643338-1902035812-929061734-1053200571"
                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                      PID:16832
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                      \??\C:\Windows\system32\conhost.exe "548124886-1896269510-81130648520563731317308431541866884108729528502-141776601"
                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                      PID:19944
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                      \??\C:\Windows\system32\conhost.exe "521909822951550523-152734374913099498931160509374111566469-1808957454-696857923"
                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                        PID:19976
                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                          PID:19208
                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "-6701509961975484885-194373508715607358231660256816-18465359741481113732-1454700139"
                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                          PID:19848
                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                            PID:21592
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                            \??\C:\Windows\system32\conhost.exe "12986282954341118299913588801879226938-1363830375-1679875825-1033133268-1388130964"
                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                            PID:34620
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                            \??\C:\Windows\system32\conhost.exe "-991206156-843418395259658813-523030157-321426834-15382131122054830563-86418157"
                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                            PID:37252
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                            \??\C:\Windows\system32\conhost.exe "-1011329368-491583309480994245-14848247681214560851-2017049618497565761-1927332465"
                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                              PID:37432
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                              \??\C:\Windows\system32\conhost.exe "149132728481464997-603698701198307339-21460340661275065300-1539421280-841122614"
                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                              PID:39632
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                              \??\C:\Windows\system32\conhost.exe "1254706842-1047765813-2544975111814205202838320784-406526887-15025550199599053"
                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                              PID:40328
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                              \??\C:\Windows\system32\conhost.exe "13388676232246037723490939183832586613698498901278555200513157241843054312"
                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                              PID:3804
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                PID:5580
                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                \??\C:\Windows\system32\conhost.exe "405355575-202482352319877824455025451560370189947780427-485470294-511769533"
                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                PID:40272
                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\AUDIODG.EXE 0x46c
                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:41584
                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "-960778184-1606804983-699906507-1963789349148343687511103585511825565975510955307"
                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:48688
                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "-2087666693580863332-1428216657-392471095-2148897591949246568-951872719-1762597828"
                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                    PID:48376
                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "-424518414513852562-1646344-203215533886094961254497589415915816921649790484"
                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                    PID:49640
                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "-320809241369199482297541896-1854179864-1951514770-1449889858863738670-177724830"
                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:61308
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                      \??\C:\Windows\system32\conhost.exe "-2457800549724573031673407963-4207814051966865508-12833613201089117222293786722"
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                      PID:61772
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                      \??\C:\Windows\system32\conhost.exe "-538996138-5576895461521517468-729223838-70073229819943120732023001712671492102"
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                      PID:63704
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:74408
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\taskeng.exe
                                                                                                                                                                                                                                                                                                                                                                        taskeng.exe {8ADE3B77-2FAB-4CD3-B71A-2F9A5F4AD7B9} S-1-5-21-2872745919-2748461613-2989606286-1000:CCJBVTGQ\Admin:Interactive:[1]
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:83632
                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\eventcreate.exe
                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:61136

                                                                                                                                                                                                                                                                                                                                                                          Network

                                                                                                                                                                                                                                                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                                          Reconnaissance

                                                                                                                                                                                                                                                                                                                                                                          Resource Development

                                                                                                                                                                                                                                                                                                                                                                          Initial Access

                                                                                                                                                                                                                                                                                                                                                                          Execution

                                                                                                                                                                                                                                                                                                                                                                          Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1053

                                                                                                                                                                                                                                                                                                                                                                          Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1053.005

                                                                                                                                                                                                                                                                                                                                                                          Windows Management Instrumentation

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1047

                                                                                                                                                                                                                                                                                                                                                                          Persistence

                                                                                                                                                                                                                                                                                                                                                                          Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                                                          4
                                                                                                                                                                                                                                                                                                                                                                          T1547

                                                                                                                                                                                                                                                                                                                                                                          Active Setup

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1547.014

                                                                                                                                                                                                                                                                                                                                                                          Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                                                                          2
                                                                                                                                                                                                                                                                                                                                                                          T1547.001

                                                                                                                                                                                                                                                                                                                                                                          Winlogon Helper DLL

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1547.004

                                                                                                                                                                                                                                                                                                                                                                          Event Triggered Execution

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1546

                                                                                                                                                                                                                                                                                                                                                                          Accessibility Features

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1546.008

                                                                                                                                                                                                                                                                                                                                                                          Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1053

                                                                                                                                                                                                                                                                                                                                                                          Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1053.005

                                                                                                                                                                                                                                                                                                                                                                          Privilege Escalation

                                                                                                                                                                                                                                                                                                                                                                          Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                                                          4
                                                                                                                                                                                                                                                                                                                                                                          T1547

                                                                                                                                                                                                                                                                                                                                                                          Active Setup

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1547.014

                                                                                                                                                                                                                                                                                                                                                                          Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                                                                          2
                                                                                                                                                                                                                                                                                                                                                                          T1547.001

                                                                                                                                                                                                                                                                                                                                                                          Winlogon Helper DLL

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1547.004

                                                                                                                                                                                                                                                                                                                                                                          Event Triggered Execution

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1546

                                                                                                                                                                                                                                                                                                                                                                          Accessibility Features

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1546.008

                                                                                                                                                                                                                                                                                                                                                                          Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1053

                                                                                                                                                                                                                                                                                                                                                                          Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1053.005

                                                                                                                                                                                                                                                                                                                                                                          Defense Evasion

                                                                                                                                                                                                                                                                                                                                                                          Direct Volume Access

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1006

                                                                                                                                                                                                                                                                                                                                                                          Indicator Removal

                                                                                                                                                                                                                                                                                                                                                                          3
                                                                                                                                                                                                                                                                                                                                                                          T1070

                                                                                                                                                                                                                                                                                                                                                                          File Deletion

                                                                                                                                                                                                                                                                                                                                                                          3
                                                                                                                                                                                                                                                                                                                                                                          T1070.004

                                                                                                                                                                                                                                                                                                                                                                          Modify Registry

                                                                                                                                                                                                                                                                                                                                                                          7
                                                                                                                                                                                                                                                                                                                                                                          T1112

                                                                                                                                                                                                                                                                                                                                                                          Virtualization/Sandbox Evasion

                                                                                                                                                                                                                                                                                                                                                                          2
                                                                                                                                                                                                                                                                                                                                                                          T1497

                                                                                                                                                                                                                                                                                                                                                                          Credential Access

                                                                                                                                                                                                                                                                                                                                                                          Credentials from Password Stores

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1555

                                                                                                                                                                                                                                                                                                                                                                          Credentials from Web Browsers

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1555.003

                                                                                                                                                                                                                                                                                                                                                                          Unsecured Credentials

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1552

                                                                                                                                                                                                                                                                                                                                                                          Credentials In Files

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1552.001

                                                                                                                                                                                                                                                                                                                                                                          Discovery

                                                                                                                                                                                                                                                                                                                                                                          Network Service Discovery

                                                                                                                                                                                                                                                                                                                                                                          2
                                                                                                                                                                                                                                                                                                                                                                          T1046

                                                                                                                                                                                                                                                                                                                                                                          Peripheral Device Discovery

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1120

                                                                                                                                                                                                                                                                                                                                                                          Query Registry

                                                                                                                                                                                                                                                                                                                                                                          4
                                                                                                                                                                                                                                                                                                                                                                          T1012

                                                                                                                                                                                                                                                                                                                                                                          System Information Discovery

                                                                                                                                                                                                                                                                                                                                                                          3
                                                                                                                                                                                                                                                                                                                                                                          T1082

                                                                                                                                                                                                                                                                                                                                                                          System Location Discovery

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1614

                                                                                                                                                                                                                                                                                                                                                                          System Language Discovery

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1614.001

                                                                                                                                                                                                                                                                                                                                                                          System Network Configuration Discovery

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1016

                                                                                                                                                                                                                                                                                                                                                                          Internet Connection Discovery

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1016.001

                                                                                                                                                                                                                                                                                                                                                                          Virtualization/Sandbox Evasion

                                                                                                                                                                                                                                                                                                                                                                          2
                                                                                                                                                                                                                                                                                                                                                                          T1497

                                                                                                                                                                                                                                                                                                                                                                          Lateral Movement

                                                                                                                                                                                                                                                                                                                                                                          Collection

                                                                                                                                                                                                                                                                                                                                                                          Data from Local System

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1005

                                                                                                                                                                                                                                                                                                                                                                          Command and Control

                                                                                                                                                                                                                                                                                                                                                                          Exfiltration

                                                                                                                                                                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                                                                                                                                                                          Defacement

                                                                                                                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                                                                                                                          T1491

                                                                                                                                                                                                                                                                                                                                                                          Inhibit System Recovery

                                                                                                                                                                                                                                                                                                                                                                          3
                                                                                                                                                                                                                                                                                                                                                                          T1490

                                                                                                                                                                                                                                                                                                                                                                          Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                          Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                          Downloads

                                                                                                                                                                                                                                                                                                                                                                          • C:\!HELP_SOS.hta
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            99KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            287a71cb3ab6b4a1a6c92965a28523df

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            dc0170b7fa81bd99a895e98224f62114ff5ae9ec

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            6be6c1317bc3b335366645a75ccd7974f93d48a19ed20f9beb808f1a69ef2e22

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            dd9adcb5086072da3cb2b703891dde5f7b48a515ca4516542455946d548c9e383e5479e35cb20f4233c4463221b92956930dfcbdcb43ab7f969266587eaee1a9

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\help_restore_files_vhfto.txt
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            27fe78e575970247cee8120e4adbe549

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            2ebce3daee671e7f98e6bac04e810a4c6eaa3ea0

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            6a961b4e82ad5e9f1f43bc63e8b7487d5197fc620fa9428f64dddc2d668ba3fd

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            036be1efc483799e9fd7584a6a986fe4268108e808a3762c35dd6d47247f82182d74f5a76cc661a3479b3a549a5b36d5d0e4378db95ddce059d4d44bb326fa4b

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+kyygd.html
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            d4ad257b51d83e327ef5c43fcccde649

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b8a7b84b9902c951d08c0198d944b396347d645b

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            0c951af0ab831690c64ffe8f29b4860cf9473d84ea0ab61f56a4cc7707f76a49

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            32cad2ca9cec8fe2a364513b105728e76928d5214337418f07724c1292424b598ff99cb597258f64cf543a26504494f68e98ada3e363dd2e61c88fdc229d01e5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+kyygd.txt
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            d65eb0fec3ac9d3dd66862fada98ea0c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            f8f1eda87f3bc0755be2cce9e44246055e5886cb

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            1ed6162f8ebdd110d099025b15576b6e0411851b40c4af4dbc6674b9819b5e2f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            9badf3b8a6c08fc8108aae75017711e67fc4e6ef7e83375dce21f177116760924ed8b8ceb1227d125a6aebdb923fe4a5ca6ce6982ea656cd60c24f0c9f73ced6

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+nttno.html
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            7KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            413d80f6a132126afc3d76cbc9518874

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            a2451c0b1db02220caa16e6c4e91fd5ca5b6ef50

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            6c9e77a0bb463ceeabc4f7c86f2b8bc0c7babc75bc82758c75955ff4c8cafcb1

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            290b09681e3b12d445f1bed75cf4e93db2f3da4e307732068f442c58c8a754e8b3751fc37686d3e6f0c346589c0622772be30b195e739e8d19a52c6183edc66a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+nttno.png
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            63KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            8e18d9bece3953d23aafee7bbc593623

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            3875be87a49a27b1e7520feb7ed43cf8e74597cf

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            a46a31677ab88270f0bb1ec3a0875447e8cf8d64993b849ab771c2f1df9bb6a4

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            0110b90de219bc82ffa5e2ef13f183ed9398fd1ae8a41a9afef98ce977b357397bf1b7ac8cabf8691bdb4ac6f14044630eddf38aae56dec980a095472db8d26a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+nttno.txt
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            1448b378b783e91401f51f7d3fe37579

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            8da0963e7b96160af94a1eb850c50e5cbb3b70d0

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            38b4a2d25a51d22205056047420b82dececa026935ff6086453f1adba0d386c0

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            bb153beb16f097f4fb66faec6eb02f24dc6013642543f5fa7ffedca473c7bbb62c91959abaec4f94707d9a9e20fea65b0934ea823fcfc1866245aa5450ede9c8

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+oilvv.html
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            7KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            93bdbf2f5ab0b61d6586f593cd9dcd94

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            eef85928e689f12b11106d19cb217187b505bd8c

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            ebdd83c9a6696e352d00333c5dbed4fba4ca4a675ff461e7ee70cbd26d833929

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            26086ef98cbd3cf91366468484c5261d4d6464c0597d8e5f9256da72889e3baecbb40b1db4b05620c5d781e60e66dc5d694294d86207d060f3a211360895e174

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+oilvv.png
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            66KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            358a3abc04357bec41ba1abd0edcef3c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            5a0452bed1e27d8ce46c9eb94d0762799180d21c

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            c852e250adae5d83524931d0b8ca629eaf5039f1d9c68152428cd5f839e35b9d

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            21a2a41786a6e686f2b801748f1253200a65f5f5632fe932bc6a8c5bd816161a41843faa4e0970504d9525d6dea6a43e9011b0f0124ab4d610ebab7d90329d58

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+oilvv.txt
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            4669287f6844e1cac33d9fea1c06d23f

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            6bc85c1d69d5b2bf9941438596200f4583d16f3d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f99603d8299ea3e94373d6f63facb85c968fb3caa482b293b83792586feb697e

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5d8cb285fe7b84c0968b87d37fa78ade57259c7934e241ebb3ad8ce136adc00bf7beca747740acd72ce1ae63d6112582cbd69a02679f244e34c7009a0805ad60

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+hhthx.html
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            6fcc28ecf3c23f8270af101b177c72a9

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            1152b38ae6c56e88bad50e3f5f1513b06ea11928

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            49cf684b3449caf71b3280e896d7dfe337e402700674c146f90e7c2b98cc7111

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            1b486bcf8a8e8438a48f607d4d4573634aaaa1aacfcacf7a4dae2eb4cb4f855526c873275903453f68c89ab3db317e6ae6eaf1ce72da3d5ddea638b6ce8499ae

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+hhthx.png
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            64KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            cf13be94e0dc393da41e21731cde59f6

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            d92fff8fd4b24c9593e26b01a41decf894639309

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f943be549cb88c7057e115929ef978a1d673109c5edd000189c25b411efe837b

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            d1b66887ebc88a095d9cb3aed0fc2f6c11a9892d76826f793a645c70a20af0b5ea9f4cf11c2be865e43bd946181fa2106e974b747b7f995f5ade38c16ad16eb3

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+hhthx.txt
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            bafdf8c92dff9d4bd7fb9916f4517ebd

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b1df1955bc1ab78e489832956804b13e0d93ba5d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            65338d0e28d6970e2040e466ecf1a6a109e245a75e5279f17f387aff6864272b

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            b1d87d4fd4f11f7b59cda7a3f402aaddad4e5a8459ffd0d7556b6124a8a3ff1f622a9c2846288013a2ebdc0fa9475f6ada05d691c8a76b45d63bb0264a663f92

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\help_restore_files_vhfto.html
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            10155248b8e5c2f5cc834e07b8934833

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            84f5f76db5d676926f4d6e5fb96d1d8c4900506e

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            a5a90f03154a1087deb8805412a6dc3a2b78d20ca13235a948ebe5ba8fea23ab

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            c369cd73cafd719bd109191ce65e463856fc9146ea7fb890eb19c8c261dcdf6f547d3e42e1455fcc0848b2aa5a0ecc19872a4a446c91c35209e82ceca8a083d9

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\help_restore_files_vhfto.txt
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            e56415ad78328dd8b04c8c94b316cc6a

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            6ebaf2c0eb0c5627e59d4aa666d023c1ea687460

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            ae1a7e8dc6b32f2ddc9c30773a48830b18aeafbec2c53ea36c58074533a3293f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            2556191a5e84f5b3052eb338515d1dfe957636ea664f67d297961ff6296fdf6fef1c2c9c6ebccd4ff5751473261cb80ebf03386be54e275f03c252344b12d1eb

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\how_recover+hhs.html
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            9KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            94c838759cbedee22928ec33813f593e

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            dec58f346656c38dc90653f9a9d9763097075232

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            b7d71c722240375bacbd85fab4ba880cdd75e00cd363f63e7ac8d4e78269e9de

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            176de5b0865ac437812b0a12ac2b447c9872d8879ef1e5fde5967bfa09226573aed46fc209575b06507b76dbad49ff5810fd92b36a4451fa4d704834331d2d5e

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\how_recover+hhs.txt
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            ceb22c296fa0f8fb64573da8e8903a36

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            c04bf80fb12ed2343092f66039f6eed91c29ece5

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            c8b3c429202c47dcfa00fccabf4b4cee3cf27d39e524013637ad2155f193ff6c

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            9e06018129ab1eb602e7d1eac48aad9baed3456cfccfad324b368c8cbad5b043e0337a54844cbbd3b1d2e183743a28a84d579c6a56a7a67cab206c18c096ab0a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Recovery+kyygd.png
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            68KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            90887ae80ed340efd8535575f15ba5ca

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            3061df75c470e0bcd9b321f4f5956b0626292040

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            93c8708ee162eebe5727f4b41e71dce880e85258676c4a9eb572499d03af59d5

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            e955d2da90be2470092472bc991740ce43c265dda8474800d035f0167e583c0c92fc559693ff9680fcab7f2cbbb26b30640466e19b40bafcfd42248cc951d9d6

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\asasin-41bc.htm
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            3a12ba6637cd6f39005757a732aaabeb

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            65e594e15b3647568cd1bd912625fa7a223f211a

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            c46cfd1cff181d65f0984d8fa92888c69ccf2615a9d04fd6bf87e4503cda97b1

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            12464dc4905f08393b7a717d41b2717dc7e68f4eecaeffbb0941054dff6286ccd56c6e474f097f7cc9ace4a21dad2af751e191fac2ead8b44db1ebb110863e3c

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\_README_1VZP_.hta
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            66KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            d2ea5fe712a33a2d2f34312ae28dd8c6

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            2aa4c00bb4406ad2cf7ab4ce1009f92e3318c07c

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            7fa45b7a31681e383cb53b3ca2f5e0f35c58056ffc0ae9d6b0e2032c8808aa71

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            b1f573f89b97c59e97255dadf0582dd48b942d44980e3ac75dc5efa119061cc748c645dd031de513553d0945cc9a006f98f19e8ce92056ba9bd72feef6cea89d

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL.DEV.HXS
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            6.7MB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            810892aa6d67bd44989d1719da499761

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            82a93c58562633a8367fbea2fcd5bf093c8c9488

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            fa0d5ca67d218b3296b4243c39f5c9817b307f227145b5e9c867fae77336fdbc

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            181ed240f702463d302730dcb4a80fa223bf6a261eb298c884da4da1623829d3987f6c22a9157c649d58dd3d8983ef6e6f797bc2c600e0abcbdf7e697660ddb4

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\ACWZDAT12.ACCDU
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            5c84e333ba73bc752319920b07fe13c5

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            bade0844ff4cecd57a6199d5b5c8bf5eec5e365a

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            861de5dae25b29df9aac08342283a2731c070795c90c9aa7e900dec27bb9bd35

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            380d60efbf6ddad2f26f3fdeb61704a3d0d369be8bd8ffce095ebf95272832de0abff8bd490821694cb7e8c69aede0ce9f388009d9126e7f7187c50f48450e26

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\ACWZMAIN.ACCDE
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            7.9MB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            705726faa8e1368a36a7f6a40e5e2c18

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            502c50d7841afc067397653c2de41b4a3b1e714b

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            56e76abae8f68e328b8c9e827023b2fa8af04d229933f31f3e8e1bbf0ba18780

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            21770d56250099fd00b16d2d4d47a729d5a3e95557e48dc23933463d1d203607ee351892187309b97c33f252dbcc607f10a2a289d1ce0d19a8702fc71093eea2

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft Office\Office14\OARTCONV.DLL
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            10.6MB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9d92e5d067ff3f98a31a29f88c5e9b1f

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b78a23f89069922d4fd1c8323a7ee58df275ec27

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            917fd63a02065d297b8c92f1afebba63d5b6de6767dd1c40702cf940bb1e0e00

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            f1f2fadc4cae8367b595c63a0c09945839d3f1580d281f1ba960f1858126a4d73c5864cb97441034db51d93f539211804ab0aab220df71f6b2101b5121dd94ae

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft Office\Office14\OFFOWC.DLL
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            6.9MB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            1917194ec4686f9ae389d5a0790e3554

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            f324bbb1b10ab3555211e31d67bd742f0810eb97

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            e3abc538c791ae0cacafb260d82f242ed39e16828e2adbd36dc55d150f3ffb03

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            35309bc4a770434ab16885678a0e00332668aaca84d310a04934dd66b34e504178c077fa4c1cb36e3d5f3791bc799230c203d0966e4333780b4cb8978d86b481

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSGR3EN.LEX
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3.6MB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            eb92f57471cab0d1f5ba51536202d6c7

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            8b52c7783bf23513797a1b3715a95c0c82c05b83

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            6498abae19ed829f6a0854c2f14e35b10f9712bb4ca08a67d13e331428a19bfa

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5ae26bc2df874a96b3dcce526e75a753148ef98d0245184097ebba1f9e27750dc911e7808f703be6493d6348ecef1a9ab685f4f5db6311970e308d1dc8586fc2

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft Office\Templates\1033\BlackTieLetter.dotx
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            5.8MB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            2ec0520be1322def424023a89a0e1326

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            f70c10436e30e82aa2cbf6df986fcd0d28e04a76

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f1b545a2450def809c4add05201f1b2b511ca78d1ba7e4a0ffd1e18bb98c8ac0

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            76c37403f73825ca07ba97aa4a9d790433be2202845b43a542a756fe45cc8c34053f7f41330208459ae50d1d1c2441589e7b5cd2c4c621e72e152c9c86e8475c

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft Office\Templates\1033\OriginReport.Dotx
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            364KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            4f66242ff6bc36b376a16435e428471c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            34e44fd2b4b4d3f325983120a509a96f549513aa

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            e7244f04f414f5203e63c4edb4efc30f165316758c7ef3da2843338b6a1fe15c

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            e6ee7fce0c9f2d5932151df04db4332473cb9fc03fecdf7a3802b197b69b850cc964e13dc1012bf50b1393f6b176c0043d30c1b06724a6444a516e6c7f1c601a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\help_restore_files_vhfto.txt
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            f59fcf34aa5b0143b66257937921e7d3

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            70611effbaeb9b37823e83a574a381864192ebbf

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            1b54ee70b3e0ad1d94c7cfde80f0e0b62708d78af6a6129b5902046051ff820e

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            60f7bd3e449e5710212b4599a73ecf550bfa48d0679231c90b5674e9a24c0b769971cfa6d52b29a5808b5c9ef05c900c9559232b6f22ce085fae155383f399c6

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\help_restore_files_vhfto.txt
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            7978318b3f74c721c3b48b4c5c95f910

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b7a1efb26fc1f356425789a4fcf22c80fc618e46

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            7d12da16bf311f7746e7f4ba56b24f60e840509a07f31a418aeb40f806c3d41b

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            69594989ccd4330a398a5bfde5a3ff3e4d7932698be2f03d006d41c7c8634c368418449f999298f339141aeda53f0e6daf91f65c7bd542572959d3546765d4c0

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            4ff6989d086ce3c68e49b442b5db6ec6

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            ad1d6803d8b6f54969b0035dc1b9dda866d65f21

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            81c8f1bd119be53e8080046e3fbc1576a4a5ae60e07399295a2b6ff5bad4a66d

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            53bf09d9ad726bb706e903128cca5fa4c534cca679d83470bf3092e8b836df0aadf6433b7d12570dc071a026b2e2e937609c5a0da11dda0afc4ecdab0d31ce3d

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Microsoft Games\help_restore_files_vhfto.txt.mp3
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            6e742fd56d99b9cd97cb76132277e729

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            0e79bbe968d83755d5c932f22c9eed7dd1c718f7

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            a048ca7922b64ac073a7940d67ec01596eefc3bcfa5455b7e9ee3d481818b2cc

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            35cea8d4e25002bebaed679e498644abd3bd0f0274e70c31fc84cba4e2dd45efe2299c6a9847376a0a99970f5046e7609e3a7c8df21054ddd5a6580dc2454545

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\de-DE\asasin-46a3.htm
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            3d805f892b4b5911611fa0137d43ac3d

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            bebd45f5c577ae3c69c804f117260799c6aa54ab

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            45ed6ecd845ed78d9f5458694804e1f12c3573e64bb34e2b6b41f694faf5b88c

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            6b35f4a9f8162084c6209cd7302614799e089fb9055f2ff4174cef7e2def54f810ca1553c4e357227912aef0e7c718b2e0c47b890150a5f84db37c07aa2f05b4

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\ProgramData\Microsoft\OFFICE\UICaptions\TYW5GUFU-9AF8-SADT-5D562DCC-F96D2B8DA3F3.asasin
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            213d819705cf9c3aea405eee070b8fe3

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            bf6d7d9f2220bf0a87d58a08d862798be9785f7d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            34755e8b504b0a2694322cc5396274b3c1753dfc347e3efa634e5bb658091fd2

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            faf57cb91036037570143828bbfa89425f7dc72c16f0c16299113e1dc7e85090819fa74e7e1f056fcab5b98164d8c84b46fc63db7d2f6f8adae7688d5077b4a6

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\asasin-ebf1.htm
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            715be74f8648d46672206f4fe70b835e

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            e870d87ea0c0e817257b26299c2797073f3b569d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f235b2e1d90faaf74d1ad6bdbe316f05dbff2616a7f68269ba114e212dc5b67f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            0bf41c956866f21c9583620e60de819c8780c99391375a93dd1edf41901153a478ab32afde09195a8be22872c91c903d99e2e94a022c48b9a6474b0ac29cfb2c

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            914B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            e4a68ac854ac5242460afd72481b2a44

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            df3c24f9bfd666761b268073fe06d1cc8d4f82a4

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            579B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            f55da450a5fb287e1e0f0dcc965756ca

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            7e04de896a3e666d00e687d33ffad93be83d349e

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            252B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            998d8338a8e18192e8536c059774eccb

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            ad261cbcac4fdb903b1bd015035402e108170a54

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            e9a17b1e0afdecec8255a5a68949587535296219d6e1ac99bfcc2e0cd8bb9e96

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            90e5ec02344a38529a8dc8f66fe480c509117e2e423e542d0be82806304d7f0cf347a26a88d2412c1963d1ce3f27cf0b468e458abd45f8420babf872e929ea84

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            252B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            6f445c5943fa626b54f1ff5b1ad35869

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            cb7116471e7b3f543b2d7d802bf0c840d8e508bd

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            e364ffa0ed7443264b70255abf74ebd0a515c94fbf65c90bb983f485b0665fc3

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            2aaafcfc21bbcb31602fff86190ab145c79c6e2662f4709d96494e7985191188d3c9ddd8255f338a8b2cd3f929694c21a73f7292322dd69326e4fc225c11fd9b

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            007759e0ea12981903d7781c2f9cb953

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b39fa983874d07339c54e7b868cac8aea232198a

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            154114843efcdb48cd4d365d20335045bf95ee4656c90b6b3a3facd483e9614f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            c201e91b5dfd7c1b62e6dc47297d18de869f5bfe207d4c4d39a5cf983e1530ab787489b3ea7059952649ef4bfd6c08bddf2076a26329d273a32181109d08fa56

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            4579a3a11fbdec2fff5067510fd4fee9

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            1ec04cccce87a8efeb3e919115c6a643a17bf82a

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            470e95f9d5d86d5ca25428abe4e2de46dd7dcc3c8280a9f4087ae42cca18df03

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            fc62ab8453e9c3f2cab7bfd6a92f4b01ee289193a010b173fe3ecd69dd657feb6ddfd90fac9a791ba74f12804fcdc41bd9857a305afbecc9dcca90dcbf997307

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            95c434243f529be803a39c7e2361adce

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            d270bafe3d87c49a08027a50864e7c29b9261190

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            babf1ade56cb383922b7376958f3f5462bdf5e1bf4d0a25021ff1a82a5ac6bd1

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            9d8286a4aeda8d6f1e2180d20ca1d99f8d874746e07d49bb66750b6f17311029a6a3d8ef229a12c0002d96a481d18aaec994410e4e8fdb1ef73bfc8710f9dc0d

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            436a35f37ea2a92f5d50d9a802079d26

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            9834e44d4d9961e16ddfe6bd1ccf420672f12915

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            7efe85056127af439e06519e2528b8391d703bac3de4dc09ed3092aaf4f8e4a0

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            ffc10cbff2f3fa07f831d53455170782ad412ff5d26b9af70d832bf8312601bcd954d11886cad117007ab6f617ed4965f6bf1e356c59a0cca0c176eb05aeaea1

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            89e8c0fd646419bfd895c4066e06d10f

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            72678481681863e21b8212707486b769a2bb75de

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            40d7e8aa00026ec252e841ee4f577d994612572aea8fcb72188baec20185d374

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            03e5025c2f980512e31c49f85dee0f174080609110ff98131b5310c00794cc51196ceaeb7e8acdcda9b31b818e207a82b3b9e11f932581d2d0b1dbbbe76db245

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            725328defc2ebf4f8343c9f4ec66982e

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            0a4e9326e9f4104861a08bf36c864a910f780299

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            05c3e874623c0b27199137676b15c06cdf91b3d94309011a161b2de4b1a3c5aa

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            c5c425eda974cca8f220bca21ad2ba2ac04649b57a84cf597ab4eb79f679d163955124b49e43c7beb8e0b41dc8b02201bb6c951d738d0d67c597224c506497da

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            455e87661fee83738842e8222bf8188e

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            60f8369d5a1f14a5f96702dc240da58e6be1825e

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            85f2feb5f0856bda56ab390b58bb41ce86d07083a4e6b72d6fa9115ae2c8c298

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            2b7834bed77f96f434b159a6a96f306cb4b784c9535c2b31709210199fe93dbc60058b6698b46cae9a7c096a3ae275017e131e3d65733dfa8a43d99d05681424

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            8bb929acdfa970fd2069f1d3db7ef4e9

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            6f58496178d0116e14a7c47aba6d961ef3bcf259

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            456f34ce70683524c202a2472ec8a4fdc239df55e7c6ddc099e98332164a8679

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            bcbc9727561641a3d5015218e3de58e3d17c78bd54836d81997ad077e953f05badfee586cf522216f918f6c6c976b61c27b56f3d9b2637c980ccd4d620b1e8c0

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            38f6a48d6187ee84cf35db7520884208

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            fac0197de299ec4143e80eec669f3f4d69a41b1f

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            bbd3bbc91ddda279f5fc00409ac017d6d38aa135fe06ba501dfff21b1b1ffb54

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            4cc62c86577ade96fc80210ce948a187bd26091848e735f836d36335267c9e8a1663e6270eee283a0b28413b920b48ca0be4c0667ca4a62bc7e2a10482311ec9

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            e651a33fdd75cf6400d02a1d11a95e81

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            a32b12a350f1d9cfdf037fc813ff9bf5d18e807b

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            fd2fe914be19501c8bffb84bbcaffd586e465d714a59275e42b4148390579c0e

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            ed7e212c7fb0f7b699c0c0d7fb4bba458698dcb640d3adcf499e721fa0ce2761f8856ae4f30bb9e009db9ded662e5ecf10e277be84cc1ee8caf164700352ec83

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            a6311da1fd56e1cdb433ef6aaca8c2f9

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            4121a6de9265d0eb9650e41a64bddd45a0bac21d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            6a5ff3c260c51527cf56960e3ec26dc18296e18d10307b86ef284d2da337cb86

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            38bf73b6589b07f6e5e593f6f7120696f29b4d833ef2d92354b1cf01794104d16b9b5152261a17142de9cd8c78eba5bc9ef92cac12bf3bcc7d414e4a5d99f9eb

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            a2be3f8b4583810e6949f6503b0f813c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            9b60e6f7d5a281556d7673f42758913273c5515c

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            65479cb32fc3e80e5abf5f8c652048c0a86d84fc8f90a1830167419049579334

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            ed17ac21a5c9d3ea2025ab0cfab515aca267eb09461cc54971c4b1acb16094b32195deb1c9da8a08ab1f276449ffa069abb03dcc66e818fef215236fb4980a57

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            39b400736b283af181b08e7c54781809

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            ec1132729a07074934bbf7e762660a7c7bf56d0b

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            1c512ac38d9c068145c553809dbe3aee4444f4371d4b13579bef8d1aa72dc80f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            81c33eaf1830aa678ac2c4a6ffcc87ec019e62abfd6e8eedfbcd82e4ada862f358c3e6bdc9b22ae85ad16abc957b12ffd1b240927913ad60513d97332dea525e

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            65113e811b0d7f048e55cfb4ee28aa9c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            7a306c6e8faf61d0125325771e7b6d6eacb2e5a5

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            044f3d08f20a3ea1df6630026d0ba32218559ce43c9bbf2b442fb591f5802ca9

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            8521abe15ee37adbaff7f821bc77d972a8b27e46540ecc2624573f185c9adbcc21b9ef7c38f70c6b0d6e2aeda4c692d2065427af64ab7d347ad845052ea7601a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            cf20f6df46f0a390b33ffb8a57a03970

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            68a06aae55a2b6ee422be641857b3cc58d7d5baf

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f2d6f98060a9ce90be0d2cf52603f4eaaae83adac4e903e88d34803c911712ef

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            33e8b3ef4871987fe6ee68aae4155b5806374c77d7726ccecc87a6477276dacee8a674f250ebdaf7822bad973ae5314ffeeb108d15dbbfea94af7a8ae40284ec

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            5466bef812b876ae34f3061c5a170779

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            d1858eaf0416ffa4ec4178a2215c1e9eb4893081

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            75267dacfc98053e30ee3c5a1367c142058be2b255e46a504e826ded8e9a6250

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            a3ea7d0096e0d6a540f84cb3b449158d2f89caa3d8051f109abaad334fed1d694c0e756e1850b5dbc53dc1e4966761c969c2d2f19f696c0ef61a11d7965b6b3f

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            b0637ccfee6607643a27728474b2ec16

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            31213726f43230c3b5655c95c3f872f146ae026c

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            9139851efab67903a2376533cc1050fe52a94ab5e64c4033ffe183a010e0238b

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            7e0cc3cb871717580141c04d1c249454be02443550f531228bcbfb779100fec66716157283f3168f01fbb0120c00c8784299b1362f958b41ff94fcede3c12376

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            4735e61908ca41a381ecfdfad5c55237

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            900123cea3954119d5e33807517396aa4ff672e0

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            b586c121ef5828e805a1ae277eaa9157621d581d41e1888e1e88acc5ab098c0e

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            3cfc89b6f75dc12faa035268cb1bfe078f2275480e162be81b8f949ad2e1809be8b5e14ae77029574936e8923297996ee7c4e9e1bc23382ddd1d47aa1fbbb2b7

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            feb389e94d08559affce1d29759b4622

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            2e6b35025261f418ac86c6a630254261e4fb22a7

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            7f83ad10e7e494cd61b29d6f0aa91920e93c4d594bebd988518dbeea0ce34a09

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            7729c8f776602f3ed695be8f940cee55d963127cbce03385f666f3debe3c5081a9341c465dfc503d038d97e4cadc8ae140997041cdf5f1f90c48905952dadfe3

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            7beb0a886f17fc2393f117e264d87213

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            357bc2a4554b42341d240f5d305f5787fbb9d697

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f39d37fc6ee1941ab921ebb65101f44cc11f005c2624846c070cc934fa9bc6b8

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            7f3001d2299e37642006e911c4c0c2fee259bca6d62ca5ea74484eccf90175e9a545f28a37574f79d51497ab4136d1c171cc9857530f9b16847aaddf6f60e634

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            3183f377ae1a1e36a2b168c085784876

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            08f38a40fe3853c1dddc954625cdcf1f9c5387eb

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            a231e6447fbbd7b24c68188b06828f02a48973e9e9aa012040a92bea3a2a3ec0

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            16abf461fce4147159a469464323ff9d16e4b118a4a436befe0cece847dc8b8c6238048d3b24b97dd3ce5af252234b0a78c5980be8cc39bb47e682c17586a644

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9fe2d2d1ff11f307879a6ce29f4fda8a

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b966c03286ce833be77e33d23fe534d2de71c4bf

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            d796ea757d869150720a70260d061c86e661005c21140fa79fa5d95323f72d09

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            f72bf3f6cc6a76c38ec060c4d54a6377ddb10f988babc2f075569cfabc85b368c420b54ac7dbeeeee9b5b1fcdb0bcd8c0906491900c6ad7c3cd58861f70a9a51

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            b80b99e69229869fd29a9736604b5946

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            f24bc6b175cad5bcde25d3f11989cb5c1bb16426

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            b13f8c7ec21ea487e9dad00cf664ae6f8ec66bcc1351c7c0c45dec622ab113cd

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            c6b5ea6b85caeddb249e1b71ee1c4c7d9af8a15e370bd8efe99a59e336b1d8dff9a3abe0a8612f5f1e7c8387bde8993846ef38ef5c9ab9fba8c55022fb69b8fb

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            bb2c89a20cc4c1d422cb91ef39bd1634

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            c62dd63e50b05a7f88d80fd57b236b0716a35a16

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            dc606eceacbfa2bd01f201300794be6a7d0421e55f473e0d9951d8c059c3216c

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            55c7815b77e967b33196c9cc7b2f68fc25bd0a8fbacb9a4a721410a284916239c7c81d9c4054f53cb7d278e62d5b0dc1f439b5ad1061f40ea74e9d0b30c48fc9

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            3ddc06424d52ec4185f4ee757ffed375

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            72a55a4f6f123c3c07bec9f903b6e5d9367b9e90

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            29a742ea45edfce1a4811d680972f35012a7d899b5ca56086c7f18d1bace9712

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            6f93ad8a0c47c3cd8cf960c4a044e5d0cff68df4417ca7f8ac504c0a109406ff8dc7b658b0ff8ee45123776f8636b7adc162d2d8d6932a48242f93693e76b374

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            012a0aa7fb4efaa96565a4079621b815

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            df23541a5eee4a7ec1f767978b159ac950b7f748

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            cfdd0da2bb3cb437d6fab42cbfca56f831156d501b512ff8e0ebfb70320c8c7d

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            679362c6d5f45fd3b1d2e16929a7b0db2d47d7061413b3cfad3b69eed14ef128ebca8daa5decb4455281d12061f8e935caac26fab748d8457a2d67928b011d3d

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            91ff8f3fcd27854eb859d5bf14c4960a

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            7aaa758e7e1339557f48b2548b9d052cbd2aba1e

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            29133c5db7b25802fd1b9b5d0c41c59620934ef673c302713f2029a81d4fb9e0

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            14e5a18f953d2f17248f2d569a64db9e6f52daf2c0f7e76084c71a81e28ff5a451c879c91aac032fcf47ca6b4f5f9b4a677a1d5226a4366ad967e53676b42b52

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            24a355d304d1039def335c306bc75dab

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            dd1faf7e3e7eb43de8fc3bcc3a200787e324c864

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            a9cb1e3f53d9c496d0823dc0cf331f89f20e612a9edfe13b207e940db91acd50

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            e72b3b54b7c3b66c1e08aa2008d0d79f95f29cc34022eec22b4dec0b2ce217fd3f163f0114416d05b3cf77edfdc4759c0f255d7bd5a9c0d7e8abb076525b649d

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            4579120c218c956b9e9ba666fcdeabc9

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            5a85a8dfd5ea882701377f8bd990e2c0628bd889

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            5b4aba99ad3754db2f6bb17d395ad5626328fde5d8595e25170a6221d4f3e473

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            6c24f1815b0ee7129fd5cf02fac2adf82004ca9600a30ba9df927453b97a135c41b485a1e5c3f0c8edeb621ac6728d3049df81cfd12da4ea6e7483193d252944

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            b1c96591c2dd0ab978d1525c4eb55978

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            289de67cb750518c1e32ae1761457c96a0b12faf

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            1602abbf0bca62b405aa6d8ce2caa6ccd6e43fea9fcc32e4c0ad72335059d149

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            b754624deb31f117f660d35dc5b1b98227b43067337e7c56223814b632e1d39508e6c74a0e68ea601673d4988988c26544e81550cca946a85ca8ff2285fa6e68

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            66a900d357ab293583ccd75b285ebd1a

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            7724e4f7e5d2166dfe51a9c09e49d9d4e0774e15

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            396765e64f8889d08578d468d82845141ed03a4aca48521c3b1b99fcf2364b46

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            cd8dc32661f9798bcaa09472619eb3cbd373efb38e9a0c5212e518731e7ce7cdc80cc7ad305ac3e07a784e7203fb207519858d308afa22f1290fbc17abf0e201

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            b165eb475d62396d878ee8db03386252

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b3ed38636a72eba6210b890a1a5eade70b29fae9

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            fde809ed90b101911e46426366feb6214a705b2e23d4bb7cc37be05842a43120

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            3a65730ae4e20955691b100e4e750e8711205243156a94f38360d9da54a1fc5d9e6a6b4453392ea578a21985ab6513b20beeedd646b911f7fca0109600f441e1

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            0ad144d55a0bc81a2155f81dc5c304f2

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            287bc0ff403858d1c3326b06d78e812553f645f5

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            ad589e4ca8ea752c1ec289f8722b7684913ef3c887a288f7393fc9503f63b311

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            12124c72a691831aac2ff9f0a36f922b6a2d2c009bda438dbca96f9cb4d309ad854b1cab5eabe61b7b6973dccc1f10f478228b6d982b9a20ef83f01046150355

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            026380425679fcd9c83a50a06a625d1b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            72bc496e45ca181ade918d4c602cdcc01124779f

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            a4e0be623679534e6ae1b2b6f22d5650c1558e15af60f6b67f1a4e6757415e48

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            8d0fc55d5492a586e3142f5b4ce8101c6603b515894b8e41f2e13c5810e4b8b5b95a8f8be075f94feecbbee4ab53c1211351431b401d66946c6d3c63f75df140

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            cc06ef9cc605402dcad41e87bcaeae87

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            3948ca24d86081b9833806592bf4413c3bd2c330

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            e160eb935fdec4efb665d6976019c4d0a39517c5b9f76148d2889658f60e3a08

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            8da9f97f90489a14c9d12fd0679e7c1020264808a39f9a96916d5a039b94730beef7c5b0cdb268f9d36b7cfd4cebec89663ebc29289fc86e3cb0387b74d517e5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            753aa907adb47dc838c901474b2c80eb

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            bc1bb4584383a935a15d786ffdffe76a317e6118

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            dd10d5b9eefe4ba5ec5f24f914ee17d62e5f55f3662ec919f3d93ccc5fd68496

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            a98fe810c833ccfb3276d74277595c946d9aa044b2c0f25bba0dd3ae8174a272a731d02c8d0aa3494c6d0d9e9db225d7fa0434ec67564d0f99bb30b0b53b6122

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            6bf4b25c7c83e0d413ad65d1096db416

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            48b6671daf8caf6480bf10d1ec17082738a1c381

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            2c540c77f40ccfaa6d1257abc1b5f7570b2d39c805b8f18a006a2c8eb24bb5f6

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            75a2bd8b4c113fc1af5285ef82c1765c87fa7c7473c3a17521bc6a77ffc0101b50d25c7216496f4c044acf9bbd2f5c76a993e3c6c7fb95d50e5505ed72a09929

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            110c2923b6fdcd910b2534288d2c9d94

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            0b8818071504b3d7cbfd457ceeae6714b7445f8d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            3cf4233995f24fb9e5ee40bc7b9927dff31b475572c2f3aaaa1093c519c241c0

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            4810eb52484fd057abbb9b8fb562c066afa8986864050e54ad539d8903b28e030d98530f3aed7f0b5681a8e2689351fd3553c08374be5e8fb43e176734a3098b

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            e3e9abda026d361fd54bf5bde7495019

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            d8e19e95f611238b136fc94f231451a81bb11728

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            c9584819182cceba06413cfa15911d00941a47622a415997214f0d5155941a33

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            2d5e66578f3dbbb66da8d2fb0fcbd7572824f97db21c53964a3c62586a3e7042a90c7f8dabffa01b6337dc5c574254a0e3dbc8688de8dcbb043ef491e50a1bb6

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            56768176b4d5b6b6c130393444d14b01

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            6e5f7fb3dc9221beafc6abb3bbc45fdf950a95f0

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            7e73fa7105044bd6f9eb16bd691b44ca34da6eafcf104352a1a7438252785a7b

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            bbc99f9efd1f114d2e205c845359deba7a103f84bed4d0ad201c3e08b91d6d971081dc017bee24141bbb40865c2c8f1aeb126cbe730469630659a892fc25bcc0

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            6d0afb9d357ca3fa40b2ed7a2483f0d1

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            111b119d2db5c2bcb9ec08950af72678c20c9ae9

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            23c5372007090897f4a740a9c7c5c11b23921d59adf41d39dc7e115c69c1a5b9

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            fe29a715a5b83ce500956f174c2c54bb01ac8a04f42c04a567bc8fe3498cbaa1af1da4e6d29f0add5e9959966afb9c597937045a7ef1ea8359ea1d35ef7afa11

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            82ae2c6fa2702586fa36e7c4deeef76e

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            089439c59f94567b9f8485323c0c495ab58aee80

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            8a8b24abe018226675e001bbbb843bfc64004395a5b0ab4a5ca6e54f5443a66f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            82299cd04d0df74d14872ebe0bd7769e2ff30b0c52e6195affedf0d81b2e1e1da3898b4db4a4b69020502d33925b205b1f172a88fd47217fc179461ac7df81d9

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            6d2c3f0ec3a4e75fe393ef77957beb8c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            0d1bfe452bfef747f6a3d35d85ce6b6b25cc2372

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            0cc4110a3dbbab0e31d7eb3334c2d84e8715c288ec101881559596c115951812

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            256daec59d099cb21eee22e587bd0ffd338972dab3204c1d74aecdc391a9600f999449822967e7b86ef1a19685269a1284f2ede8b8083c11846dc7bf0170f681

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            2fed86b618b0a3b475cc4209c7046843

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            cf529be8a485a2a340facce1823037d493515ea1

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            daead20bfd2e7f686eecd3645bfe3b463082e67aa4412c539735eafbf7479b47

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            ac4955f72c413f07cad25bc79fd4300cfc3086bf2da5ff6c48e10493e1368dd08cd5272c0648b9b2e18cb4fea6b153828fca50f3cbfa8d3f7241e71a025a0ea0

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c6016895fcbb1f529ce98ced39e54ae0

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            597e40cabdf0b08d36a2fa9d8ab522d8dbf6ff23

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            174b487d73775af0e8588644d7d6de00696f9ca756fa53fb19698c9cf9fd4f9f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            04d56d0823d9cc23f21a4e747d20f99660131c346a2a1b99490facd31235586c54940d3a47932d4d810746ffe22a1c5a9d0523bd01f7a3c8b8bc9ea9103df45d

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            55199e180bffdf72de14f8280a567464

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            699b65bdf5e3fb2e2f8f60f0da907762808a5611

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            14ecfb0011e61754ae9c4e9ac16e91cdfd49d12df20b757e9a0fb51c79684eec

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            fe27d41f564c11ef0f57e936ec288fbd131a572cd3f5f57411b98001808b79e6bd1f470f3430ac03d81a4edf17aa88ba52687088c37707e8f1e5f73b40ee7e92

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            53207518703d80f0b12d11fbc256bdb6

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            4022818a87eb70aacf176b6a7789d63b57b3927b

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            3ce687a270b462931af878543f470cb52abffaf38dc798ced81260e6cf56544b

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            445db60a84b2c9a4443756f7f224815e8aa84a96a80b1acf826a883e8a7bb06aec88b81240d907d599bf96e501c888881a58e365ca0b36f3c4a90d2969a75f10

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            0f98b816fe10229d97c2a185b754eae7

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            fbf94c2ae273f56db96d63d602f39ba276a86b83

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            594900d04930618df95fca7885e5c10283fa7b9ff87b728d61234c23fbba71f1

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            852a723801ffb2ceecde3e50f13972190e4578cf662cf87b23bf18971fa15a40a2c40b2266048237fa3b03e7820b8e57479516008ef2b0da232a046210163b1a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            92ea032b419e95e46166d2090e0952d3

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            7af033ed8ad608f983b98b298515775ff3800e8c

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            8704112f0796040d0cbe4874f6f2e36602eab7bde635d803dc1e37e09044ba1f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            10c01ad08cc1d9f28ee8d5ddd69496e4180812f7efa5a3d7654ec3105e32532133890e3d7ce8a4421b07e745b03a56157fc19bc2acfd4460dcf1cf8d2e235193

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            af781a3771423f6ecb39e3a8551ee588

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            91f9a97eda0cb7224e38ecd79fd3e70754cf3461

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            14d89a37bf1ce582c9dfae14bf55f1aa2c5591dccab87b7c83a96040c6301795

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            55cdfd61f552c1e367ed5f59a31938c6c956ab304ebbc376485a29518cfc35145e8c49a32c54adf25107b469c65a6a731d746accfd46482d301b558b7e141af3

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            15d908d926f8c3cbeafffdf29fa1127f

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            4d08a2b225e6444263801dcd5500e122c3fe1c2f

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            885b3b12800c26bc8d7aa49067676fe1869155c4dc867c46dde9e70f42c839e3

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            b183f281fd11458ce6623b2af741be84ce73a6d0a209088d893d0cdbfc7477c4afd4194a78b4c38208798a521c01af1008a776a74c9b4b28a68eae8f5d30fb23

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            3eda00fc6d81d961cf2bdb4089566588

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            6d9c37cf70c5289158b9cfbc1110ae1ca87208f6

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            7d492cd6ce4ed8f725e8ffa9385c5540d650619da8077b5de37c150a332ee03d

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            b28a1c0c5916398c1c9fcabefc844366811fd1f40f3b98f85d4ca0c220440e9a6de9def23036f3015a9b677b17b0b800a18a6a9f492b06881dd1d969ff378ea1

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            6400c7118a5c69737f0e334f017205e8

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            20255ebac30725eae038dd8a9e1a7fffca9d9fd0

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            efa04c4980f28739c8921623ae025a0a3e07f07aede9963d9bb89d3bf5cd08e5

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            4e4dec2e311c3cafdb3275065348f7148ce9e99897d4d0ec76286426f51e2bf3329b3b8aefdb028f63605491496e08f8748d6df2a1335dce947131cd27857823

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            d9f531d7284be22b69138329dbccd75f

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            1e6ff88938f5bb1bad3107f757d3c058c414b1fe

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            d09e6a1bf46b1d302ad61a5ac3e4e0f66223d22534bf64c72fe85c0168bb5989

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            b10bc93896d1dc8746fc66bfea476ae6563a3aff460cf829aa1f52eca331810810b5501ebbf7d861c8260d615d53b9cbd6da8badd2caa1f7ef2dfe81e878cf47

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            4457f8b86889284ed51b787ad1cf7d1d

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            de4b6e7b3f3950334c7f7ae35c0d46bb789bbf2d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            486751e99b2e120b0a944b118752e092fc401c3f0b1be310fd33a6e5625a8c4f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            40188e3443a81643bc4393ef70ed09683935d4eddcaa541e31c7433063e72f938016d3384bf9e61852462d6f6bf3c9f9ce612cc8f964a99cb369c9c0e4b42586

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c087aa9247e7d0a965d93a12fc9df47b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            99b45ef4b817507676cc90df453dfda2f8fba405

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            83279b199ddee9cb6657e92c99a674055722a5e7ace393c6b2ba8aef8e740bdc

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            823d48a87453076a0c753215f031cb7c474b29edf8a6a80291564609b8b857e84b3b4fb9a3e874c05df648d70731ec57714ad822f11c32234b3d509fe4c1951b

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            44e30341d3d656893142c402aed52be1

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            ad1f43990e560a0b1357b6ef0aeb168ad4415060

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            5f7858225abfcdcf0dcf417e70838e501b1be79363050093e3f4b37ef1dd70a4

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            116a45de33f23fb088df4b54f18cd8da2e195dfb07ca5e29c749499f982c9e3c1f237d3ec072556769abab80a617b5569ccce0744335e76820db6d277d4d0238

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            ea203891484c9c7c06a13e10199d64f3

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            88d111d0f9677c73d03f185a952b1b3eca8cb527

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            d1b13ec62d7a424187b7c169b6d85f32698215d508901f657f606445c898f683

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            0da01240837b763f6c02b5cf57b1193af4a7038547bca01de342d046639c50746cd03f50bcc80f2abe7cf6c26457ce4247cc579561eae4c4f0856b7382e0fdb6

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            342B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            a458531c8bc5725641ced2ec2661b884

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            9bd052fc6f2383af8474c3b11317d53be1de41e0

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            b9615a7fad2eb6aded5cad780ac6f32123267cb7c26b84562b395862479ff62c

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            0d069b9382c7b3581045baf784292cab3fe12856521695660d9f413563c8a749b1a9ba505ad9a620431163dc3c15ea7925782055b4a86eea2e090909f2437e01

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD7399F0-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            0c0a050b0ccfab6bfe6e9c39ce991905

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            f11493651ceaa8604a24d2c25e6e3969034fcd15

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            a17f7c24836cb3a3f3d1afd5deb473334a7695f0414188236a46d5eecb45f20d

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            70d50b13d679b61857e21b5e29e205e7114988bf404173d7ee33d5245085559698ea8bf527b627662a0d1ffaac8c597a791ec19321ce8c924b2e920d0235590d

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD7399F0-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            fa9c6e397f030c3eaf2756fd54d707df

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            99c845ec18274a04c74516c5e36fb965a29982b7

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            5eeddac776b89caf72d93fa478b04bac94c58365b84d563a61616c6097019887

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            110f23801cdfe00df517118a773369e00eeb9f5612841c87d87e04d7404de8df6302b8a613f9d750d48a0c7f7c3ee8a2b3a47f34df9a671580d6345e5d336e46

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD7399F0-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            5KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            ed2bd277c5f2a132d7173fca61e85602

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            5abd2efef1611a67a012cce4e569235a3b57cdef

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            8b8ff1fd76b76ab50462c577bd677485d9c9b28776722c0ca102058bd6b58379

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            9a987929f6576c65f0e9d9b223d34c222e6efb3794e143fc2fbb175eed6b4256254302f207e822620ed39b7496aee3fd7b53eb23df0eb1d76f20d7acf10a08ca

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD7399F0-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            5KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            5682430cadf4f360d7546faa4b877249

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            e81d7fead59fa5978a825c708442f599002534bb

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            a2e3a674a990ac02d857ba0dc94fecfee0d2296d9ebd1426370c7194ceb25e19

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            71fd442ce7b86e32ae1f6cb3aedbe5464a74d8bf0323f30994a4431936c016a11ff6f00c8cd5354c225cf1adef88bb4255892cfb2e04f4c4c94bf9cc86e386d5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD7399F0-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            6KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            77a8083ba068a7d08891af204c5c6c99

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            ec688dc14ecd09d40ca3b7940c9bbb8ec7127aa7

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            2985b35394e9a061d23f9e022481f24b786089eae706c63169e826580737d012

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            e6ff8c3b2bbf9d83d240db62ffaab5bf2276ae6c80210b17b6187cda2ba61b66369378623bd9b6eb27cb7f375c731497e788366bb07a9195a5a35130e3afa039

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD7399F0-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            5KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            e7e5ca20863eb11f2919405efe68a6a6

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            d5cb3bcf5109466eaaa4df3e683c22a4f2f6f683

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            fe7705d143bea50b3af8b8c69fecc7963f99df0774b84e4c752fd77505d5cb44

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            e4554c5af34b414dbf101446cc412e8f199d738c882bd37babbda08afbf3d386109a09df3b6b3130364e191bd8d7444b980e0430ad1d73ee86028aa135067d38

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD7399F0-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            6KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            7e2b39332c16dbc0e3adcc7f6ba8855e

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            25ece68c5e5c553de13bb974be28c1749c12ed36

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            3b67a5583bafa42948abf6f44733619884d72c54c2e9ffeba81b6d00bdba113a

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            4a14d27d6cad80e1fc36ea8f027ff7b707c3df11fb61c3cbfc4177d7b9fc3aa3b432d78c232d8e5ae87a54855f32cf88baf53cd7af61a4c0faae22776c63cdb0

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD7399F0-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            5KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            4ae4dc8772b19c135df09d571928257b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            8e2d7c488251ab690da9f0488d56b18b43cb580f

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            1be629e6884066790470f3f129098c8045cf9efabea656476793d60b59bc0630

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            bfdbcbaecd59919fb46632139f26ea6dc8cc56b5e22c241b54811f2c626d3da814e299ce220171f5633cd171c306999e964ffc77615148e5dfaee7b43b2d9d00

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CCBA1A00-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9c0c33c055d9cc8a15126d3912158408

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            368a6e9d515836c226efc9f5b507e307920cd13a

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            9cf6345b66d04c757b28d97af12fb92feb672c82d5f245bbe07dbfb2ff276fc1

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            1750cf02a298b5f03883c6e1d50c2ffd4bd2c5b03adacf7eaf189b99bf323747163ec78fbfdbc208896d40f9d737b2b3027abd976511a9b3827ad04878648b96

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CCBA1A00-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            7a87e853fe16048c5ff95eb426561fcf

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            90d88cdb4f407cf1c06a5c4a60774208ce242b2d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            3860eacaebb3a56497f6e25860ca9c1fa5271ba78f9d33573fa096eccf348d8d

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            9c65a1c752cacd701605343e777f264eb19365ba93e54287912a96cb0e62bf3fc16223fb0802bc92edb8fa846dfcbe6dfe7f17ae8d81e3ae1e034c10e0ac00a3

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CCBA1A00-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            ce94965abb81f9de9f55d9b757666bb7

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            f4c044adf194b9a6ce806cce021943ac63d6d384

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            22f9b6473ceb33255f05e0c72af5e6250aaa5a594c14b362a3a66d79a39a0c36

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            65a2407a1f93a3768a9dce4114d7f550472d020209b1de462c359ba54bcfc39aa626fe246a0c24cdfac5bd7879b9310ec291f5b47af18cb86bf0b777e7d5dd33

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CD331A90-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            617cd4062af7b5acf8d606c0deaec519

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            428df6e02e57534128054b4a2ace292da62034f9

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            109b1bedf09e9d1c6c44dc3470b9a8d3a10322dad0dbba62e293bbf41645f5d4

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            bb2454647ea7ba590c7f7b676afd344eda6b395eea3daf373cef240003971eab26d2f281e94d69ccb66e16257b4920522f570df1b8aa2735b7a571bb42f34ccc

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CD331A90-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c601c733a9367326f011e62ed44be618

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            7c83808221cfe0cc88b0ec9c8efda9a0894dd6d0

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f3f2c96f65beb7f578b49755942266b38ce5c0ac721ce39e94f29c4b2b83e091

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            cf2cb2083dcdc99b498f021bfe89abd251e7d3200d5a327e67f6b57702bfe724360152bdef7d02bbca50a342050d23b19fdf1d2a64c7de43a180f2b75b8ad0b6

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{022DA260-A1F4-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            8f1db1173c5a5589ea57fb160e9df412

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            02fcaa292ec081a1fc2c7a62a8201e51806ef5f6

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            8dae1a718218f091bf213aede6e40e8863f937ddae52b7b386617c8849749831

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            2dbc6f8c4bf9aced283daa2aa07173bccdc3947465bdca0450ab37ea01c6f29c7ed20f76d07611e285f3cf1ec0db6798b38d3e13922108b9b27ad9f153c58c39

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BAE0DB70-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9614e7b9d57638ffd3516567a35567f9

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            c8dfed42f92b0190d2ff138e5fe54e752f58b559

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            4a36f61fb79d32436ed7b71b4338d6a47ff4c1534df055111a8d6c644f791d37

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            96e218457737a3c20c62009a2b508f9fb8ed776fbbc0ccf1a4b0d7d434335f2caeb5081fc9721ee1bec4a47be55f17edf3c05cdbff226a0c8697e0ba87a6c68e

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BAE0DB70-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            be1c5785ffe0fa9fd14696a9aad74aba

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            0aedaeb45df4eb94a19902ba66a21f1999cd73fd

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            326095325bb6c5b78413a1f4c6574216aefeb3b773f6a6992230cd963c0cd797

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5b0c96815cb952685e8c699ec8730df6964248aec1b7179e471db7c1f71259f049ec77acb56e066b7ec805981b088328864d6abc45fac80d9f19b2e1176c29c2

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BAE0DB70-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            5KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            1a9a3c6d9052c375af8f1b937dd70fc1

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            c23457b462073a047d5d29d0c40d8fdfe0d86347

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            4d840a4f8b0aaaef213a48d1fbcdfd533600ff24371a20512f8f38e4da25eebd

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            0cfd82d616c2c54622c885e16f126e7983dae4894decc77ced6ef366462ba2ffd824cbe7eba4ea043c4e4e283cd3d13f750bf6e7d000bf88fb6a891068e298c1

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BAE0DB70-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            5KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            427bf7eb2340cf95855d3f46d591ff71

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            6897d119fe13c486c562c0615325e30c4e5d43a9

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            2d3f5fdd3ffa1ab34bf6683de82c82be947198fa04e9f24bfe91af2a6babff0f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            63f273829aa9909d3d1a9708fb0d07ddd9535d492c613a4e8a4619f1aa7c4bc796c8ea8ac2c9d130c877273654a52f30d2281d677ecc9a6e5ea81c40983de4c4

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C28A4871-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c4d30af1701fd5b7e5b25bc82ee0ec83

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            e7627dbfaae99dd115b8b62fbf443c6523d12d63

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            7450cbfdfd6cb866e0397ed6500f0f1a85de16120effb419ebd3ec99e2b3fabc

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            36fd0c34f83a760e11f021e543fabed759bd4cf31e9af40b16e68651ce599e917541803fc7a5a521787e13735e3d816911c266d9f031d1a12330d68d5b925a80

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C28A4871-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            87a8bad3971e02c61e526b8b4d5025d9

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            2694c35fc8ccc300760d852dd93ddf08643c6d71

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            6aaf2b1c159434ac2f377c7b459bd2c4569eda0626a26d2f91107956f003394a

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5ac6371ec7e3d5f54173375446c0c457c7eff8974acceadb2eab17d584a363e81203c24edbc003f1c9a1ca0934c702ef9d359da4156ab5d35a43b18e4817a9fa

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C28A4871-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            954f380f8ad91f77ac261f3c0a5d0ccb

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            4ff01b7707bb397126d791443b2ce2e9f0e77fa8

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            899a49ce0899ce7f5a83b6d4f052ea882b661b9fc865d3224605b112e02777c7

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            3a7020cf65867a61e91639a613a80a18f6be1d1a756b8b93c189b0de52c9bdacd71392be39fe173ed86ef4873e618f1ce85bf8dac80127b06a8586c7781a86b5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746860-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            25af5dacdbaa55aa8bb999fc9a4fcff8

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            9470cba9b032b3a781b9d53e79144489d0b4da81

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            8074fa6eb5c3fdd9fd41fc0393aea15d79a2c816fdabac09bfc9828cd5249434

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5c9b164443b0aa8d8bcf24359c8fc8383e433c45b124d244006b449ac9061381656f91b9be05a0f90de0f56ea71e7b6e2e1fb6511519e777a355f3ccf3c745b9

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746860-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            97d3c75079e6b374de53d25ec18b31f1

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            88b992e7ea9a4564aa0a56f0a70378dfebdc175d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            3173926d93dc19d8f7f805fe8ad2a5606b62a4fd18c7dc47741ebb90c69fd8cd

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            b903c4e6ee678a91075dc6e5ee3d077c9752860ad43730a82ebf8533279462d7749b5f5544d4301aec54c4ab0aac121bb64a9ac23dec5736e3564b20e167425e

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746860-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            2288a269f4c212e31f8d95fad3d2bdcb

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            2d84271d7cb36c7d690fa21288eb5d07d085eb82

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            553d56a390c8b63546520c73782d0b03d7c584be9acfc3995a5926d46560c9af

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            a21a6b8338cfdb8a52b57e904a5f7a318649ea4077e58928f60eae8b06e491affb1f625d0bf8248528871a12ef0747922e0cfb320b00983a01ea6bd542303915

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746861-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            727f71220351a86d2f4bc5630a823e7d

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            bb520d421bce92eb3551257bbbe1eaaf60fe4147

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            eabf7c95d1538911daffd80386c9b1973f78a4d78ce27d4ac81ed673324b1e6e

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            728df8ff4cbd9a97eb34637036f6192ee0043ac3555f20e85c1a5b063d1fbf9d28db04832f3e5c970bace0d92fc018b0cc0b89f7b4d13f4661f657ef5a03c679

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746861-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            bb4a70280b2fc5582f4dbaf299d9bd83

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            c0cd5ce6d272abe4441c4bdeed631219a5b618e9

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            c7d1446ec5af649eb15097491269d957eb9ead97543dbdefbb8e90b38005c2ed

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            89f5a2fcb55ad87113966f3fb9c5301cd31df6b0452a09929c12cb5f2e614a79a7b06556f41cb9e903cbc8d03552b848c9773d84b354fddc7e5e65b21d61876a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746861-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c35fc427bc86557d8626e5fc78c5bf33

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            76227d2f3900950c7e464bcf39a86a466b8feeab

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            eb2eeb355765e261b63fefb39fdfc82d24ed919ca831451bb55e268e00cd8a06

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5db2c05ba819824ea28f3df3c95ccc0f3d6feef5553c6523934c4ab2d15ce1b26a8f7abe263128d37e7d06b8ecca7ea735f2001912ab4bb98c4a2ec055170b69

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746862-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            efff59ee78490bbe872d63a244bcd3fa

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            e66ebb42c24121b344742ecf3472eb386e683edf

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            1a8895d9ff302c6edaeeda375748025742bc75d9ecb5cf49461efc0cebc376ec

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            f7be9c2daf16b0b2f841d3a750960b21021bb2377fa4bd7701484c5ed26436175f32f7b303b50a9637d416c6b73901b9b468cde39f738a1739220a0e9d24aef3

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746862-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9e58537ee1b69d74ca3a12705c76e444

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            d564dcc8689dd34a6efe5dfcc862919d81182af3

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            1ed638ba8839dcbec0100c49c7a5da7bbe8272dec5f622ad681d3fd58e7815a6

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            d9a3cac2f290c217ddefd75fb9eca0aa57cfea7b6127583d440c97bbaba56e07e24b6c57f9b43859963c3ce9af72dc5ac37218e005b424697e90108cd91960b3

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746862-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9b269d7314e7222848ac7fd30d97ff9b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            2a8621faac1af1273b7b2ca7cab49216d6cc2cc4

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            1000a4168978a5a07f065bbdd07208f045061021e181317fe33952a15967c8e0

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            78b43e04e003369f4ad72013c5bde219ce069cc32339306110f7716c27b30d469f440bc3358bbaf31f1bcb1cb83c22f680c11792b77ffcc977af52cdc1ab7660

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746863-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            8882ccad00a0b38b360c733a6035aac6

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            85b94384d8537004d72941511cf7e791a877d490

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            de42932c75ed45cc58c2e82998e201aacb4eec65feb5624aa53aad1837be7e8a

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            c7339507e8846ab1912023056eb33c0fe7470f7935fdd988df9ce01ad2febbe0f93094f4e4e78eb91a49347eebf39caa981147a472b72887cda61803b69593be

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746863-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            e4f4436764f230af18e8d7263d749bbb

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            214c0fe2324967b5a5cb811afa3ef275098e59c2

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            c9cbf79d570c39003c9aaad566d79b4e4e369d039c3e071c64cceebb452816e1

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            de83ff0cf863f5f058a3d17f2b69eb6df303eba97d36f4ee4b8e5683bd427ca2e8ce129b1cb77c482e9e81c3364515ceaab2d9758c8ec2332d0c67a1024f2c0e

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC746863-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            921c1b47b3a72ddccb39c994bda9df31

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            0db8739529797fafe976768032f5d751f703f44d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            de8a039abb7deb2cc6483c2dd727c9a168e4eecb4ba70abaef80c6a3f1c2b551

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            ed1745be5fd3d2610d3b9c2986f183c217a10465bf1f5bcc0f6638a7be22f1d791c7ad9f806ee2c83b26f1758141b4d0f4fa3212a2c7c3e46227c5dbbab5618f

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC085A70-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            5939f25134c2b525695d8b5da261a808

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            ecfb5ea883ac38b8d60d6a1127a1b8aa427c2169

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            8db42eb8534b7e3b04c1133827ceda060c418c74bbd0615442b842c89ca35f31

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            24cec4c29d569bb0aa52ffa13384995ac5e557dae99eb30dfc2a81b2a3b6370be006c698b0d06909f23d5d126a66f63538358561e8c4b184b0f101a97518bb0f

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC085A70-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9651f5e4c2f7abfa64ee0eca721bc473

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            785f006a55feb9eed04c451ce0949f05497543a3

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            5bf3e4d3117b03c4c97580bb6578a765d226edf081f6cc5020979bb6a670dafa

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5568f0868beb6fa160433cdc4b3b035db664293b75c99fcc97545ede602a9e1c9d0aaa8caf77325ac462c4b93c32984c9d37821240243244a9e69980847a078b

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9D6D690-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            54c18ce9ef7b571bcd1a1fffd6bd2264

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            f80a95fe1f99cc008f866c43d42a9902fcb19162

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f48ec9ed53601c13bbd0a22be76aaaa13b962fa3a01fc9dc90779d37a0d061ba

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5b72c58377cba9c6b51f8742d0d990686d4024faf2600b9fdaccc255204c047aadddc403cfa7f2f4726ddd40a2f6ef61143abd1ad1cbb6cc699b5eb214079b47

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9D6D691-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            d8771f2531abc98a8518ffba8df4536e

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            d305ea58c1b5117be13d35c4d7390650c05796f7

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            9f78903a7f07683f825d3d8ad3ff2798f2fa04e5a70a8830b898dd5d8af62989

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            e8f98efcceabe35c7d0521d5b1fe5a1bb378ea863dec926946e45cb0c8196d3b39f6b3387857c5b189432dfef5db7e0d85e7f342302a9347dea227e694eed9df

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FCF10EE0-A1F3-11EF-972C-F245C6AC432F}.dat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            32b6ee4561e4d4eaf9e714d772b70f51

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            58ec799d51962ffad55630a89ec8a6ee3bdd64a6

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            d393aeaa05b69ae44b5ac3d8b43541273706128ca5839121083c2532e4daa83d

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            ea49d285c74d09bc13fcdcf2e911b95d503a5863131c4ebb922b29a51d0b90f1b21178513d4ce15186553916c76d288ad27d7bd034e99255fc1e8e9a0ebf6cf7

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\3B1E\1D8F.bat
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            112B

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c8186299569367f9f03cca5a2ade290e

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            58122639abcad45bab87355837bb34a3111a56dc

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            73c2a2255d1d8266f318275041a6cccbe5a44dfe5813977d5dbb530f597eb73e

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            9f3fcda0b8c7aa81857b323aaded2b48a3b598f34b5ad6836e8fe9c6f6c01e84eaa69dfe648d1741c320b8e3492c2d887f055bb9349f211b30224e1b2e95f46f

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\CabDB80.tmp
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            70KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            49aebf8cbd62d92ac215b2923fb1b9f5

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            1723be06719828dda65ad804298d0431f6aff976

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\TarE37F.tmp
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            181KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            4ea6026cf93ec6338144661bf1202cd1

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            a1dec9044f750ad887935a01430bf49322fbdcb7

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\nsjE44.tmp
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            317KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c23b825fad3e04e26af81ab53ba5f94a

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            024c688032998747ebc785c95cf1b9a7e4af39ea

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            05945eb05846c190ed7c9f97c26151ebabecb142d08788bf548b1eb798dd3124

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            8bea4091db10b18ff89c03fa39a60eff1bacf22171b1e12032e3fa41fefaa0bc109c50f1eb2162dfa16587ea4f6d596d1163c297b33ec0c1be319942b9b9adbb

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\nstCB2D.tmp\System.dll
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            3e6bf00b3ac976122f982ae2aadb1c51

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\nsz168F.tmp\System.dll
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            55a26d7800446f1373056064c64c3ce8

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            80256857e9a0a9c8897923b717f3435295a76002

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            04b8ab7a85c26f188c0a06f524488d6f2ac2884bf107c860c82e94ae12c3859f825133d78338fd2b594dfc48f7dc9888ae76fee786c6252a5c77c88755128a5b

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            96KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            e96dad009437ca774035ffd73708bd3e

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            e8c60f196d5b703137fc0041256435d652485e64

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            761e39686f293694ebda3de5f4aca0faef72e45046093feae9cda442429e0932

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            1327f1360a26031a971827e3249f584367fd83cb10ba65a3bfadcbe04602459a1ab030eab12800e1be45173e518fdd2c6517ddd865150bcd0eac0c8965775d8b

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\~DF6678E37013CCE6E3.TMP
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            16KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            aca467cf06d8b1d54e52d12377d33558

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            fc353093782b0cce7624c76efa8e5e197a24e04b

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            cb30cefb9c783f2f38af2689fefd3fd73520bcd8a306fe0a6adc347684969eb8

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            ed8c69cf2e18f8ec2144bb360c32e8ab464bc5be52be3d04f4070509ef5e277304cd3917e535409fb6b0ee81d936950ff4953a9ddf24cef3c5b38cc5be722364

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Dysgraphia.Rbh
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            ddd2b75c05672e689ef8a9379f48a987

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            f643ad00a58904e4a2bb6d8579bda84c012031d7

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            7417d8de1b37a02b7082872f3726627993210b2c1244a54d4e95d8120e1055a6

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            eb84ef12c39535a83b8548831c21449c9358f1c82ec6b2d96c471b492e340a90f9ddd2d0f56306d54bf29fd4d289f216eccc9e8750c2001aeaf4f166226066c2

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Kolinsky.jxs
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            48KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            7a1b67ac75846585708c628a2dd05a7b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            6a27bdd6b622e9a9ac0a60668cd1c0be28fcfcb8

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            d8239ccc8dbcf56b1af20e0c6c4ca0b46a908dceb351ad30c57a4350cb0d9e99

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            c69d01d08016c6dcd83bc3e646a440a32705e88d21736b296e2ced2dcb3b916617461e83f3818f2fa4361269781b240508e41c88bff230f4108e1b87c5e21c57

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K069FO9K3IBR86XAQNO3.temp
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            40f389bc51600ba056d3ef996268507c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            98f7e803b281aaedb45ea3193fcda0f5986d64e5

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            19ace4e4e9541c7bf0d7060c98d1bae12721a8688bcdd6281154ed1e31c08fa4

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            1095d416f7e9ca999a1b9a4f16e685f6a63dffca452589d786fd6f6c632ad8e700901dca9c46612c320fdcd64e7cbddcba474041390f84c60178d94ba0aa723f

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\{0FB3C083-DBC2-04E3-36AB-7D13DD964B1E}\DisplaySwitch.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            216KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            1c98ed44445e192ccfe9709c0267f96b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            71eb65b3422f1299198419ec962f0606e8081feb

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            bae1ff6cff01d4afe6878036ae3ae40126fe4e5851e0943a57739d52f489e01a

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            3f781d3fce9fa1fb4f9aa544754904a99ec56167fdeca779de8c14ec359aef50135a16365fd697a4158f71c052830b49a471208bf4c9448ed631fdaf438f4092

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.MSIL.Generic-b2285790c15dc134d3b2556bbbadfa8a5a66b169a565545f62d23043433e2468.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            394KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c645156439e9ab3a043e88bfc4e7646c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            89f77d9279fab31d6b88dea25e86f72c868fb3f7

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            b2285790c15dc134d3b2556bbbadfa8a5a66b169a565545f62d23043433e2468

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            93711e45dde15059f7f95eb51733f2431a3b4023a76dc3ec5b39f97186a789a8ab0b805deb2a3824dc94257495c351ddbe7bfa6eaf5aa38f715ee0054a6b6e9a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Agent.gen-d6e35e20d5b7fa3d0b5352b4953701cabb4ed2a83d94dc666ef9900b7c53394a.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            277KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            1e2e5d8a1f9261586ebe65860a1acad1

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            05700516eeef80128eaa18f759c1e007627dbf9a

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            d6e35e20d5b7fa3d0b5352b4953701cabb4ed2a83d94dc666ef9900b7c53394a

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            cbaa26348482cd6dc8c8e8351b2df22325e873759532d17816f06e90cbcda9be73337587d7ee7011dd0113d606fb609830a4e84f3999d86541c3920d904ac01d

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Agent.gen-f7d000fad48f47b3b9122542e05244b8a6d448b502c9018aec5ad292fcbe8760.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            487KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            b1ac841260396852155987631e67a56d

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            23624cfe3573f72f40c78f32d0f8b7455257854c

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f7d000fad48f47b3b9122542e05244b8a6d448b502c9018aec5ad292fcbe8760

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            e465d49b45ae742f70a3130918ff2d1534bb7786fdd0ba17b7f0679eb7370f13ee3495a814f47de59b8a1e0dc45c4d03376d6ee82b5d0ff4f2cd1075c32a6f53

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Generic-07f90d6793aeb953617a06980862921295b830a27b616cf6bc42fa02b00bd8c0.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            134KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            ba32fac7630b66e8bcd9a68f1565504b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            7fce833ee78c94693e21a45d8f4cfa960ddb47e7

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            07f90d6793aeb953617a06980862921295b830a27b616cf6bc42fa02b00bd8c0

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            98acf94d0c01109d609adfcc9a1eae0c56ab22f6dc0b58172a5757e5cba3171746afa2441f216221eafa3bb0c5ad1269623e4a3f2f1a5c60444752b277c60ab9

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Generic-8838aa8f412eef436c63cfe501c868a5433969fcd6fe2b571a11dcabbc38839c.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            139KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            a733beef6f383b9c626bba0dfe0b0450

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            d7f08ddf7253c2433edb4cb663202e902964a43d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            8838aa8f412eef436c63cfe501c868a5433969fcd6fe2b571a11dcabbc38839c

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            0672b86b41b925ee91881a7c24c02e756c827199a0e06d6bbc51990091fcb6b7e2345e6a34a2e2693b5a106cd465b41136930ab78514799997fa45c77dd171d7

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Generic-ed84a7185bd3decfe9104fa3f6dad24bb0a0ff27a1a792a05ef0f2b010bf7b9b.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            189KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            7f20b566c295cb058b55f69a49d0d83c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            2f53999c8d41c62be58e4d067f18945edf4e1ff9

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            ed84a7185bd3decfe9104fa3f6dad24bb0a0ff27a1a792a05ef0f2b010bf7b9b

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            0d51a4aa18203e9ab34c3ee66a70109d70bd36a2a3ecfa36886d4463532f2121153250c10f230b1314b2c519b4f1d40d103ff590c5d076cc9730247878dd64c8

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Locky.vho-65ef86f0fb512270b3214bbdd9da2aacba8b84d8b80fec6694bd47dc5ff4346e.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            517KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            3b0d88e51bf8a7043c8aeb6d30fa3350

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            979ee35242d0949f32672336c9152504703183e7

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            65ef86f0fb512270b3214bbdd9da2aacba8b84d8b80fec6694bd47dc5ff4346e

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            53b2e82f792988d450082928e769e63ac6611140e8c927c1152660c1e2a4996c4e4a86b3fa44332c085e99c23c21fa3cdf9a929110bebc088cfddf18b1fe53eb

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Shade.gen-f01e60b97574b919067bcee155496d87f9a594e3fc10999dec998e0a114349f5.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            232KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            45dd0f822e034f1813ea762823ada4b4

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b4b55a1daddf784e2fa54e56f8f5c28745a4b290

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f01e60b97574b919067bcee155496d87f9a594e3fc10999dec998e0a114349f5

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            2b0479797a52a6b0520c07f615b867b1478e5f3753dc0fc3c119f72a9aa79126207d263c24610c90abf8342ef062b4df64de9b910f2588635366a79c59c20633

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\HEUR-Trojan-Ransom.Win32.Zerber.gen-c40785135751df957b18fe5c0cb85309d07086bf325dfd3635ef0d24e5b19d18.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            396KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            476f48193f5e56bef170ce7f237b781c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            73f49660347539b1aeaad32c99d9f6d927da73d6

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            c40785135751df957b18fe5c0cb85309d07086bf325dfd3635ef0d24e5b19d18

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            4c09e38bd051316eccb4c0c55ff903b5adc31155dc9cc5be4c21a9e4173ae0d12e05d6b15716cfea0563223ab9cdb6252a31c378a54f178f83972482e4329187

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.NSIS.Onion.qeu-fac2a55288f5599494534e62f18a28dfb4311562fd6986f0c8df67b7b1d6b768.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            114KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            e2949fda7d22d37c04c159c58219db7a

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            e37bffd19eb59e02c8d483103b700a30224dbe2d

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            fac2a55288f5599494534e62f18a28dfb4311562fd6986f0c8df67b7b1d6b768

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            af23eb31e5f8214edd70927015ea66a05217da509043dfbf2e869506883f67779b5c78a5246d0c43d50c453b89a5b173c3cbb3645c0daf6e3403f3d603566fdd

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.BadRabbit.e-630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            431KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            fbbdc39af1139aebba4da004475e8839

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            de5c8d858e6e41da715dca1c019df0bfb92d32c0

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.acku-95e36cbc4da84536d810aa22ddb6768688c7883065b3e17c946ca80c5ad4d328.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            328KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            ad99744b03d49d57db7a1d882753336b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            7f1bbc2d16f2ffe142a167b2154a6395d22650f4

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            95e36cbc4da84536d810aa22ddb6768688c7883065b3e17c946ca80c5ad4d328

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            fd4a0927b79c488a32d702aa77a0be386d9565ab26eafbb6c16942dc52349db14a3b355c81fda107f8119f886e44662373e79e64efdd7f955c19296750cc0068

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.aerw-99d41e3e130b1209dc802bc94fc7c6af023ffecaa40358dac4d57f2f9f4b42f3.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            316KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9e1f7d4eded2b08c003650ace9fc3a7b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            2795600759060cf55ea6d903f79d7a332b9c3411

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            99d41e3e130b1209dc802bc94fc7c6af023ffecaa40358dac4d57f2f9f4b42f3

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            f0e31ede68901e6c8f24f452acd6c758941e883a7475d9eb1dd274af91f20636df82579135019c72a5c37ba21fd09e47074cb3e1a6ab062d2c88412ae5fb5752

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.juo-de0882737c9f77c79c5618f955616ca43782b2d0041e424b06cccedb2e72be54.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            368KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            a829b4ce4529e2955e369402ca502298

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b3aec6248fa938e2a58d3f039377b44d05a8a945

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            de0882737c9f77c79c5618f955616ca43782b2d0041e424b06cccedb2e72be54

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            062d2cc89d64f0df84fd7398c7863d8105865695d19cbe9a683f2d14a5401826c0ae811a425a7055f149501301e03fca98e5a9f368aa60beafb43e2ab245b942

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.kba-d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            372KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            98123b80d89e6418b7d77ba8be8b6a50

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            e64279b40062d404600eb3d901358c532f2aa3bd

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            4209f8a07d207c3cfe2ffed8a5d909a66fbafdc0d0ff6f27d6d92b96c9f2eb625d7dc03f46ced2934ba314134f1cdb59df5d2e01e0f55f5a2ba0874ae31484c5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.kmm-52a6bc011e4c7c6bd623df1b25051609b47a5c60f4d9e21ceaaec05f8ad6c4cb.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            392KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            e54eef0b1a3f4c6d7bf5bff137ee6eee

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            d4848dcbaa6f25b877a4573d779cea4451c004ad

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            52a6bc011e4c7c6bd623df1b25051609b47a5c60f4d9e21ceaaec05f8ad6c4cb

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            fa093041180e1a7cbdc7690f3c9b303933a9b20a2759e6df51b951eedfd725b6f3ff9480d0ec97a0fed3376540cce2bb9dc99037f4db14e3a34ba06c0acd6c2a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.lfc-e249d7a44eda860d9c7f294096fc432f7c5bff3c7fbffc023d303b16cef81176.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            388KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            7a3237dba04641433fd3d63dd36678bf

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b2f9a9fcda6c3774634dd08517a1e8d508e3e263

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            e249d7a44eda860d9c7f294096fc432f7c5bff3c7fbffc023d303b16cef81176

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            b26552cdd9dcb4bad1a2d39d00550ff1f06e8382078aeb6f6485b92a0d5f5fadc13c6e39d7cb083b691b44ceb53292471588d2853b7c869263521945a0f6e4d3

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.nws-c26cfef66ca21ea663291a338f2306951b23bf15827b90bd10d28f22bd5c9c5e.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            608KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            17b69de5712d9ba3fb9f25747193f93b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            ed8806114c7160a05d30eb7ff15076781598bd75

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            c26cfef66ca21ea663291a338f2306951b23bf15827b90bd10d28f22bd5c9c5e

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            a8ffc80ee3f7189a487501dde2a692795e47c16fedaaf762e9fd308d5dd218f135d0296507789327bf5e9f7cce1b74f08d8c8195537aaf47df76bd482015bbb5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.pre-6e7c24727b20f2a1a79bb3ccc41493eed829ef79976310030d714bec8b15fbcb.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            285KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            28efcb80dbe1c0c14ac9ef1a85942755

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            b03bad59da5102cf0da95940badb304292fa6417

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            6e7c24727b20f2a1a79bb3ccc41493eed829ef79976310030d714bec8b15fbcb

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            2c25f12cb053f1746159a9e459c80d2965b612e1808e7542e0d1953f7b6c6e5ea4d1a3b4a87c54356c819e62825b8107387a10b13c8c931a764dc9cab065bf6c

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.qkb-0509dc1e220ace6698b2df8246210e750659cdc00a1926024342727d7a4d599e.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            484KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9a665d902a8ca246c3569c977b522942

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            9b97a369ccf19bfab60e2c2d0f06f702df6ad9a6

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            0509dc1e220ace6698b2df8246210e750659cdc00a1926024342727d7a4d599e

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5a65f0308a18120f24e9e9692083173c669c8a203534c3c57d4b6f7ebf90bdc6f4bc1338105cf1307739a332c16751131cc99cac880ad7da877f8853e3b41ae3

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Bitman.ue-794cc0a6f34528e914db6c31defd2b14f38e6d4d281b7b5725f5d7aa18299053.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            545KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            d1994fa34f9a076e0020417b7f723447

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            4334541035e6c1bd6abe98bdcf056aea6618e324

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            794cc0a6f34528e914db6c31defd2b14f38e6d4d281b7b5725f5d7aa18299053

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            86c044ea97a44d7506bdae8e7b5dddb93d24621ad28d061fcf76115b8e4af79e3de5f4af02bf89ee9497fe3eedafe8ee6c46c99c736d5a4ce3ca4a2132d2fd6f

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Blocker.meia-57c58acac2c3dc6f92cda36758a042015808674df4f3bfaf3b53044afa433057.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            63KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            3594613ff1bb8307d4f7dd0de84c5169

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            9243924865d32c720b00f1a4f9de9fa2543d8294

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            57c58acac2c3dc6f92cda36758a042015808674df4f3bfaf3b53044afa433057

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            fcef5783a204f4351f528e60d120f1152f65cd89b5ff39fc31859d9a587a0370fc749a9d824d22048ce18e4e8fbed5b6e065d954de1dabe57b60ca8db06bef6d

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Foreign.ggoa-43356fa28c91f759cd21038566d2404cefdb94f27c6b877b41173bc17080afec.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            80KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            a271608588c6b445a6e7607ce8833a54

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            74c0bfae783fc60394ac93767d8d4cfc99fef956

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            43356fa28c91f759cd21038566d2404cefdb94f27c6b877b41173bc17080afec

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            6da247f6ec79b3465d1d6e01532650ff4319064709052001cbe9f57e8ea869f0ee160ea64170d8d24f9cded44c78085f4ab94fb7b7ddbd23ed11a88a97f973e8

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Foreign.ljru-471b672db91c19b8d71e61d2760303ad1b7e16b47a631b573e46bb5a775e7916.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            141KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c6d49ccb48b3c4a30c26698a8f1d076e

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            4f984e192f81810cc396ce679ebfe333d2634093

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            471b672db91c19b8d71e61d2760303ad1b7e16b47a631b573e46bb5a775e7916

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            0b1a7e8be1670581f8b2fad1c6dd494bd38dc9cf953e9b22ca15f85de9479edc6d1ef2ab7b4d5a1a4947d1353d0a53c40d986d4664c34aba12b83300f53480de

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Foreign.nonl-a6c25448cd8f87757636d291d26abb80a290d5c731cd681ba1e4f315ecfc269c.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            565KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            13a1c678df7989f75a1e8bc38c821e69

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            4c4cb3a360c21ca64c2f3c3fb2e7df074be18d43

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            a6c25448cd8f87757636d291d26abb80a290d5c731cd681ba1e4f315ecfc269c

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            4e998770713924ddb7d74632442147efc86ee72a22a9274009d286322c5376e4ed020a3911fd7ca7fe0c2f301084d31d2c18b703cebcc58ebed3997233c52629

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Foreign.npcc-b939eae084920a1b19cdb837b759c229ee96e1ce4aee8e2650d1a7c8c6defe4b.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            345KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9065912bbea0ff5dd18d10d0b2f40789

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            a968efc708bbd99e70444e532efe16f8bfd0d667

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            b939eae084920a1b19cdb837b759c229ee96e1ce4aee8e2650d1a7c8c6defe4b

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            3faba95b525a0e87e5ae5ccfccbcaa0773ffa210561a137f0dd650b5d82eada5ae67877b068b51e15bbb132bef02dae75ce5d35a4e0617ca06bceb4db1def4e5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Gen.fqz-32daab62cd25eafa980c7ad6bff854d2cd214ae1a185fa3a9549e6be655d1f35.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            875KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c72f365489a11b5426bd64ca6947476b

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            2d13343d0fb13febaf2d923f1f6980c00e53fd62

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            32daab62cd25eafa980c7ad6bff854d2cd214ae1a185fa3a9549e6be655d1f35

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            509f5d111afc75e00561d3192c1daaed7e430722ca6357a3ca775788862b18a5c151b5650275c8cbdca0f3f00a81d7e62638feff5295b54639122770848d8b8a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.abeb-c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            625KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            1934bc240ae9e8e101490a9dab13c079

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            a0218048aaca34259d0651d911b81f9f12a30326

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            c7f3c47a2be2be14387f762164db8b4d097cddd1f72efa0e81e59379b1e44cb7f71b56c05920ecbadc6662c58d9bb84d2c8dd4ffae9ecbae67bf0d8978a8a5d5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.abfp-1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            634KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            c77d1c0c0ecd0b2f81f2bcf89fb07279

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            be7d13c25052903d150ed07e836e210e298b9995

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            a967039c4a9804b3ff51c25fafa93322f983eaa52fe4361cae3f5a54c02eafc0bea8e848a3e94ba17e09622b53466dabef14c1a775f0958f06c6aa8e70b9e091

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.abgv-cfa555527bae829733f72c3c04fe74eef0ed196cd00d2a2e2ee92a987503dc39.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            617KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            faae3272bf42590aec32b4850ee6c028

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            97158cc14fef44a679bbfc3ef8188ddf31877e94

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            cfa555527bae829733f72c3c04fe74eef0ed196cd00d2a2e2ee92a987503dc39

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            a8bc114802ae7dcdac9dc00c5d8ba1458a3493f863215f84057576edf1017827d1c4a7b9d2e053f657c0c81bc252b95cb77f07f0ec681ae68ad8b1f891c10597

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.afiy-4880ec5ee1b15232a6631dd80cc4d766ed62c3bf54f54bc32d2bcb0d593e1235.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            589KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            efa1f0d185be2de61aa7ca2c76c1b371

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            ed3f3c3db91f5992155df7fe02749297c4ed575a

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            4880ec5ee1b15232a6631dd80cc4d766ed62c3bf54f54bc32d2bcb0d593e1235

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5828e689f7e0d3083fa91d06d268531e9dc146c3531d0aa77b7f4b81738a618a8102702e62fdef05f29966ae8aca7d61066703349fbbfefb7d83e2d6454d16b2

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.bil-6f1b3c48f263289c8de3ea1bf4b173feaa502db8ed84f4943f4a049071084aee.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            244KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            319b6b6b5fbc5a01d333ae770ea551a9

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            dfe2cf1f67cd7f0f090f400444b69261305e63be

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            6f1b3c48f263289c8de3ea1bf4b173feaa502db8ed84f4943f4a049071084aee

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            775fae93e92e5ad1e648f1151717df0dfae822dde5446b4f8a2a9dc33f115557ef91235737432377d2bfc9bce840b89bb9c4f52aae8a46ab0af932e34d0c45f8

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.dl-e9990ccae658bcecca6a7b52251ef55b3298d9f46c55e92dea0363398b7d6c41.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            192KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            b1c957ab802f39839f2b92d7d55e7f83

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            cc109d0fea1b0c13280203ca8972bda909c6dde4

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            e9990ccae658bcecca6a7b52251ef55b3298d9f46c55e92dea0363398b7d6c41

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            750f180a65b14591f3962be2f86dad8e5301de681aea992ceb6bc2635b2727a0d628400b36d5235107c74782ab25af0c565f35d51d54d26fabeb355232cb43a5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Locky.zmi-f8e7dde2601ebeb7e30af4c54016223f1c42298176e1f2f5c4945ca6b8b88317.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            645KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            43e9190f8f18e52dc361f775cc02b2ce

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            523d4fe97f74759f5b917bb8ef4982a4011bf8c1

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f8e7dde2601ebeb7e30af4c54016223f1c42298176e1f2f5c4945ca6b8b88317

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            d586b9f313fb10703e680ce018bbd109dca8ea0211ffaf5c174639df38549f5acefcf08e6fe0766387f56bf307ed3bf85446b02a8459bd34cffe050075c7031b

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Purgen.rd-2138058fcd95620d254930f3d3df8def00ce8b696491b115635bcbd5fc8a2b91.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            232KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            06518590d25945c439c56c99d486bc2c

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            3af18804d7aba4a1c7cbdf859df73be35755905b

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            2138058fcd95620d254930f3d3df8def00ce8b696491b115635bcbd5fc8a2b91

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            05d96b1f7ab3453a7e6b14c5431a3237c4224c5bcc1020ba39b3dbcfbe3f37d2e84ad7ab54b0bafe362d1902484ccf9f16b362d0024347e156cfba1f96c8ea04

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.SageCrypt.dze-ffb3ff1308d4ec8ef1f9c949cb508926aafd1fa63ad86890dd420836bd614963.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            780KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            4c63b758d8cd295eefcb38dc336ac288

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            9a09f872447613b8c5fda3fa4ed99098a59c7b05

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            ffb3ff1308d4ec8ef1f9c949cb508926aafd1fa63ad86890dd420836bd614963

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            e996eeb41799c8718aa8441423485e3735f80a8477bce2fdc5a066f1e7fb1d10bec58bd8635f9cb4b9f5817147195147fee07d61c79315a8098731712477859a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Shade.nyw-2d19fa4ce090239534ab152bdf941674d41e6fc532d95103a664c73cf085c658.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            897KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            e944ea7b6b608b16832c239ca99c5e61

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            ecc87e992c8f7bd25e48fbd9dd2d71096930ac6c

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            2d19fa4ce090239534ab152bdf941674d41e6fc532d95103a664c73cf085c658

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            5353de1c200b51c17f7eea6b847cab639b642908931798b93f0faa0ff61b9f30b5326e4ffcbf5b142777add28b4e16906a0f32ac622344eba7fd111ee0830fe3

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Wanna.c-96ced32b262d8805a5cf748ae1c9d7bf03bd4896cf349153886bc020f430f395.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            800KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            7a3ddd634eea691850376105fb629318

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            1a325a53ff6b3ce5c90874815a89f89b10114227

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            96ced32b262d8805a5cf748ae1c9d7bf03bd4896cf349153886bc020f430f395

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            87d4d6f914cc6c39c68111066489f558f8ae810ec10f35d8790fbb20938ec384022f0c41a4f0dbc230ea25495473fa5830c518ed8fd362a86bdfecb2058a0ea3

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Wanna.m-0a00aa4c6f60e7d2f19da6d9f6aaca1119541f7cd15a340eb03fccc341cbf5c7.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3.6MB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            d942c9dc7662f5550883a86660545dd9

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            9f1382a04a27a6d92ede09b1231443e7db1f36bd

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            0a00aa4c6f60e7d2f19da6d9f6aaca1119541f7cd15a340eb03fccc341cbf5c7

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            1b434c8e3dbcbec9369271a722977ce6458020f9a730d4088be67d170e7798f8d291b2fa01e8d238b11a3910df990b1644637ec888c7f9bb0a79af486729e484

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00300\Trojan-Ransom.Win32.Wanna.zbu-0b824f863d1cbe4fcc403bbef23aaa27197d7998911f30845f0a75b5c7287949.exe
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3.4MB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            54880a105eb4bafeec08b7029213e871

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            f68813458ae09fdbd6e946e767305b462ad79f22

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            0b824f863d1cbe4fcc403bbef23aaa27197d7998911f30845f0a75b5c7287949

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            84694551292eba3dbc07020bc6e147799114c67c4c23097a713a12f34cb59e59daaed46e8578a6abcbfe3496c671d9f523700e49d750d9d5af4045944b6b48f8

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\asasin.bmp
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            3.3MB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            5962d276c44d0c1c522d4013ff9b2460

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            1ffdd4b9b3c0e9e0412ff2b413d6ec05b09e2733

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            8919fc65032f804118cea725e5dbc25fcc9453a52ef6621a7eebb55fb559965d

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            cd1f2c24bd3463920a58955df3a66fae9070085770d6b0f925df660d48d931addb9f715b8137d53360519aad911ca40a5a8495902699afc9cfc4ddcd946b3d53

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Public\Videos\how_to_decrypt_files.html
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            34a9e6e0387ed47b3cfab60f65bcfbc0

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            fef0464ba8f68af46a19677bec388cf16ad7a34f

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            a5882c672bf072da2789b640cea1036e902e35815fecb2bc87d742690ff7384f

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            c7126d7fe06e9c3de533bbbfde6ea2222879b3c0b7d33f56879538e3a7e87e4a598595b5ea05ddf040d86fb1d6c7eea3714e3366b89a42c4470aed36c69f90f5

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\lukitus-69d8.htm
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            9f354e4c8914afe3654b9e7ce3a5d0a5

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            00c56ba0d10b6290305a49a06416ca289e0e6740

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            f4fc2f980e80de8313f6ccfbfc16f7e4efe80b6e443d19ce3ea4bcc571f0c1a6

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            47bbd726c9cbdafc95d4d923900ab87ceb74dc545f8d864e1b9b38727e551c80c9c74eb02e1d8b49a92ec520f3dad1f8a96f3e3635b0662d646772506168f912

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\9C20.tmp
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            60KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            347ac3b6b791054de3e5720a7144a977

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            413eba3973a15c1a6429d9f170f3e8287f98c21c

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            9a399916bc681964af1e1061bc0a8e2926307642557539ad587ce6f9b5ef93bdf1820fe5d7b5ffe5f0bb38e5b4dc6add213ba04048c0c7c264646375fcd01787

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • \Users\Admin\AppData\Local\Temp\nseA381.tmp\System.dll
                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                            a4dd044bcd94e9b3370ccf095b31f896

                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                            17c78201323ab2095bc53184aa8267c9187d5173

                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                            2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                            87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

                                                                                                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                                                                                                          • memory/660-191-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            72KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/660-180-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            72KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/660-178-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            72KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/840-96-0x0000000140000000-0x00000001405E8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            5.9MB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/840-95-0x0000000140000000-0x00000001405E8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            5.9MB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/840-94-0x0000000140000000-0x00000001405E8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            5.9MB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/880-328-0x0000000001010000-0x0000000001023000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            76KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/984-986-0x0000000000830000-0x000000000089A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            424KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/1120-338-0x0000000002010000-0x0000000002025000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            84KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/1120-336-0x0000000002010000-0x0000000002025000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            84KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/1120-334-0x0000000002010000-0x0000000002025000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            84KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/1120-332-0x0000000002010000-0x0000000002025000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            84KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/1780-214-0x0000000000400000-0x00000000004A5BB0-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            662KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/1800-182-0x0000000000400000-0x00000000004A3A5C-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            654KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/1812-184-0x0000000000400000-0x00000000004A1A7C-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            646KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/1820-181-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            72KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/1820-179-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            72KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/1820-187-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            72KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2212-220-0x0000000000080000-0x0000000000093000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            76KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2248-303-0x00000000018A0000-0x00000000019A9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            1.0MB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2248-304-0x0000000003150000-0x0000000003167000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            92KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2248-269-0x0000000000410000-0x00000000004D9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            804KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2248-270-0x00000000004E0000-0x000000000057F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            636KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2248-271-0x0000000000160000-0x000000000017F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            124KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2248-272-0x0000000000660000-0x000000000078D000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            1.2MB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2248-273-0x0000000000790000-0x0000000000801000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            452KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2344-239-0x0000000000230000-0x00000000002FA000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            808KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2480-241-0x0000000000400000-0x000000000043F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            252KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2504-258-0x0000000000400000-0x0000000000490000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            576KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2604-205-0x0000000000400000-0x00000000004E5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            916KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2604-246-0x0000000000400000-0x00000000004E5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            916KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2604-207-0x0000000000400000-0x00000000004E5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            916KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2604-216-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2604-217-0x0000000000400000-0x00000000004E5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            916KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2604-199-0x0000000000400000-0x00000000004E5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            916KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2604-201-0x0000000000400000-0x00000000004E5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            916KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2604-203-0x0000000000400000-0x00000000004E5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            916KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2648-511-0x00000000002A0000-0x00000000002AC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            48KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2768-311-0x0000000000400000-0x0000000000415000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            84KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2768-321-0x0000000002130000-0x0000000002239000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            1.0MB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2768-310-0x00000000007A0000-0x0000000000811000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            452KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2768-309-0x0000000000670000-0x000000000079D000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            1.2MB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2768-308-0x00000000002B0000-0x00000000002CF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            124KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2768-331-0x0000000003BD0000-0x0000000003BE7000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            92KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2768-307-0x00000000004F0000-0x000000000058F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            636KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2768-305-0x0000000000400000-0x0000000000415000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            84KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/2768-306-0x0000000000420000-0x00000000004E9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            804KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/3008-190-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            72KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/3008-245-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            72KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/3008-322-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            72KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/3048-236-0x0000000000400000-0x0000000000494000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            592KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/3060-127-0x0000000000D80000-0x0000000000D9B000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            108KB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/3808-567-0x0000000000400000-0x00000000005DF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                                                                                                          • memory/3808-1007-0x0000000000400000-0x00000000005DF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                                                                                                                            Download