Sample File:
MD5 hash: 4fb2382b7c4e49880851c42cad35e269
SHA1 hash: 6b4b6a3ae92084d78e50277896fe9e9e297acae9
SHA256 hash: 32f7a9e9e50f7a4f14cf9667bf30f7b51dc2937cee18c3c5fe97773767c41ff0
SSDEEP hash: 12288:mzUGV8+7jZegjTYUDAKH9RSmXvYitIt08N2n2:EMudLnAKdRSiJy42
Filename(s): Lef9NVBNY3Gqm5dX.exe
Filetype: Windows Exe (x86-32)
Mutex IOCs: uwkkwwAk DakkIgow è0@ ð0@ ø0@ 1@ HYMEMkcU1 LcQMUQsg1
Note: the entries è0@, ð0@, ø0@ and 1@ look like non-text bytes picked up during extraction rather than named mutexes; confirm them against the raw sandbox output before matching on them.
Registry Key IOCs:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\BUccwoAg.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\YMIIsQMA.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Note: Run and Winlogon\Userinit are autostart locations, so these are the persistence indicators. The Run value names BUccwoAg.exe and YMIIsQMA.exe match the files ...\duIwksoU\BUccwoAg.exe and C:\ProgramData\GSogosQc\YMIIsQMA.exe listed under File IOCs.
Domain IOCs: google.com www.google.com
IP IOCs: 172.217.23.142
URL IOCs: http://google.com/ http://www.google.com/
Note: the domains, the IP address and the URLs all point at shared Google infrastructure, and the requests are most likely a connectivity check. They record what the sample contacted and are not suitable as block or detection indicators on their own.
File IOCs:
Filenames: CiMc.ico Gooc.ico C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp QMUC.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\Igx92gNKAYXQ6D.mp3.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\JqeJOQ.ppt.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp aYIY.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\pua8_NLTYZ.pptx C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe MkYI.exe EUEu.exe C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe SKwE.ico oosY.exe iQMu.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Documents\aeUZDcfwYaGG.pptx mUQY.exe mQES.exe yEwg.exe aKAc.ico iaUo.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\XaAsLYDJsFXx7IQhvgc.mp3 gCco.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp C:\Users\All 
Users\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp UUcQ.exe YEQM.exe okMk.ico IUQo.ico IowS.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\4iUatEjeZpHqCmOXk_.mp3 iWUs.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe Ykks.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\98wDbPH43ILPC_.bmp.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\9RW6e1n-GCBYX2lDor.gif C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.exe GCgI.ico SekQ.ico wOoo.ico uAwE.exe C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NJF5kV5.png.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QEhgyk foyuP.png C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp KQoa.exe CeAo.ico ywoK.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\g1_X_hewKjDbJqRQoGji.jpg.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\D_sHzEN-YqCs.doc.exe qKMQ.ico EUUQ.exe YscE.exe YQkC.exe YUMq.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-6j0PXaCZe.doc.exe CsYK.exe eUIM.exe C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg GIsO.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe msUu.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\myKsW57tzCY.png.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button.png CkQQ.ico Esgi.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\KQWIk.mp3.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\LwzoHd rIuuzn\pWwabxs7HAaBn.mp3.exe gYIs.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp wwYe.exe gEME.ico C:\Windows\system32\config\systemprofile\duIwksoU GCsk.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B67gYXBWUXJnxj.xlsx.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\4iUatEjeZpHqCmOXk_.mp3.exe WkQE.exe C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\bd2xxtoWGvfMY.pptx.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp OoUq.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe C:\Boot\memtest.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\Og8t7CuXGwEITuQ-tl.mp3 Wksw.ico AgQE.exe mEss.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.exe sIIA.ico CUMm.exe KMYc.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\deAYMjHUcE.xlsx.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\128.png WwAI.exe EacY.ico C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe KWUY.ico WsQq.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\flapper.gif C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp YooY.ico UeEg.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.exe AgUm.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RnnR-.xlsx.exe C:\Users\5p5NrGJn0jS 
HALPmcxz\Pictures\wADGM-Om NZHxCf\uJZobNbsSsvQ.bmp.exe C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0lUIuXAlbkD5QUP.xlsx C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\KQWIk.mp3 C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O9Mg5g.png C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\IzsqWmb-VfL_K_EXhb.gif csou.exe UMIK.exe SIUU.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\g5Ta-8tpOnU_t\SCBD21D.mp3 C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ua2D 6djdE_2ie.pptx.exe C:\Users\Public\Music\Sample Music\Sleep Away.mp3.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\98wDbPH43ILPC_.bmp C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg C:\Users\5p5NrGJn0jS HALPmcxz\duIwksoU\BUccwoAg.exe WWIM.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J6hSP82CM3ZgN9hvRkf.ppt C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_close.png YUgI.ico C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp YYwU.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\uQXzSmxCBU\Td496DKV6zBjvy4NLKZ-.mp3 C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\s7gIH4.xls.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GIAr Ain.doc C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bk8hocTy38s.bmp ckAM.ico CgAw.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe qsoI.ico 
YUQW.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SosFgWq6fny qM.docx C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hMSdm6gnno4.jpg C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\juzCN enZxbJNy2q.bmp C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe gics.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\128.png.exe aYgs.exe C:\ProgramData\Microsoft\User Account Pictures\user.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QEhgyk foyuP.png.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Mozilla\Firefox\Profiles\silmbjec.default\thumbnails\ce8c0453589216a67cddb50284fbfe8d.png gaMU.ico C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qm6pwnSlzaybvZ1vQHM.xls.exe EkIs.ico Uccc.exe C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png owMS.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\g5Ta-8tpOnU_t\SCBD21D.mp3.exe YsAg.ico C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\LwzoHd rIuuzn\HPQJDYQ5y3Kgy.mp3.exe OsUo.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-6j0PXaCZe.doc C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\KPwSrol.mp3 C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\oLtXUtj gWpb1gQ.png C:\Users\5p5NrGJn0jS HALPmcxz\Documents\zROBvpH3jHeTNI-wr.docx YEEo.exe C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lef9NVBNY3Gqm5dX.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe gYkk.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\IzsqWmb-VfL_K_EXhb.gif.exe C:\Users\Public\Pictures\Sample Pictures\Koala.jpg cwYA.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\Hh5gNk.gif.exe 
akIm.exe umIU.ico EYAE.exe C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\Igx92gNKAYXQ6D.mp3 iQoi.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe kUcg.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_hover.png cmkU.ico SEwM.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_maximize.png C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QJcq9GpDqe4-VG.mp3.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp yMQO.exe guwU.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\KIYEXJ4R1Czs36X.pptx oMcM.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\KIYEXJ4R1Czs36X.pptx.exe USII.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp IoEw.ico acss.ico EGEU.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\chromecast_logo_grey.png.exe C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\kTjFYVFAn4.mp3.exe GoUc.exe kyQc.ico kmkg.ico YWMA.ico C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vx7KIl8e6gjjL_1mSr.mp3 iMQO.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Documents\zROBvpH3jHeTNI-wr.docx.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\wlxAu7b3.pptx.exe YIQg.exe 
cAIs.ico CEMo.ico uGUU.ico C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp iIUK.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\uQXzSmxCBU\Xt7NR_n-E.mp3 C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NJF5kV5.png C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\10eCAvj.jpg.exe mKcQ.ico QQoM.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Mozilla\Firefox\Profiles\silmbjec.default\thumbnails\ba182bcd131f1f3c6b6fbbb1ba078341.png kKQU.ico WEEU.exe Ekse.exe qoIM.ico OkUE.exe C:\Users\All Users\Microsoft\User Account Pictures\user.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4rw7vaEjNZsnnNC54KQ1.png.exe C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Mozilla\Firefox\Profiles\silmbjec.default\thumbnails\ba182bcd131f1f3c6b6fbbb1ba078341.png.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp OMAE.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B67gYXBWUXJnxj.xlsx IQIe.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\7PLBEF97cmxKYRh.gif.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\uQXzSmxCBU\Td496DKV6zBjvy4NLKZ-.mp3.exe C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.exe C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe YAUw.exe ckQg.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe EyoM.ico gWIw.ico SMIk.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\1 P01gEwYd.bmp C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\iEEOjUdv0Wj0JqvTmm.gif.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\fzevtocoruBc4yG1S.xlsx YssA.exe woky.exe C:\Users\All 
Users\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe SAgs.ico yoYW.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp cawM.ico wEMU.ico wCcs.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\pua8_NLTYZ.pptx.exe OMgY.ico MkcA.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe eKAo.ico WAki.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hMSdm6gnno4.jpg.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\UuC6hNqWj.gif.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe iykc.ico C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vx7KIl8e6gjjL_1mSr.mp3.exe eKcQ.ico C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe AQwQ.ico WYYs.ico kAIQ.ico AmEM.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png AmYQ.ico sYIe.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp esIw.ico oewk.ico C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\LwzoHd rIuuzn\HPQJDYQ5y3Kgy.mp3 C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe C:\ProgramData\GSogosQc\YMIIsQMA.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gCYPffwRu.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\10eCAvj.jpg C:\Users\All Users\Microsoft\User Account Pictures\user.bmp gAcM.exe quYg.ico iAsS.exe C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\0x8VAeJ hT.gif C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_128.png.exe C:\Users\All Users\Package 
Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe sYww.ico aQEk.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_128.png C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ee3sNdXb 1.docx KysU.ico C:\Users\Public\Pictures\Sample Pictures\Desert.jpg oGsg.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\JqeJOQ.ppt C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bRGpww8z.docx IMAc.ico Kmsc.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp EwsI.exe kUAg.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Mozilla\Firefox\Profiles\silmbjec.default\thumbnails\ce8c0453589216a67cddb50284fbfe8d.png.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp iWEw.ico YcIC.exe cwwg.exe C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg qqsI.ico OYUM.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Q-fAoy7DIswlc14E0gQM.png UWwo.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe yYMQ.ico C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.exe aMMy.exe C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\Hh5gNk.gif yIEg.exe iyYo.ico OWQo.ico Wwsq.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\g5Ta-8tpOnU_t\4m_lVFwhVIo9K3s29cE.mp3 C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OgwjX5Eq.pptx.exe OUkq.exe wEgE.ico gYQQ.ico C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe qecM.ico 
CksM.ico WAEk.ico Wsom.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8Mwv5DNYyrtv1aafOHyX.png.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\cei_aLrIfi.png.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp mgAE.exe WwYs.ico C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bRGpww8z.docx.exe SGgA.ico iaUw.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0lUIuXAlbkD5QUP.xlsx.exe MqsE.ico UMoW.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp EQwQ.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S0hxY4y7RcgUxJ5MN5.gif.exe C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg C:\Users\5p5NrGJn0jS HALPmcxz\duIwksoU\BUccwoAg WuUo.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\orK4KBZEkNKP6.pptx.exe cUUC.exe C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\Og8t7CuXGwEITuQ-tl.mp3.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe C:\ProgramData\Microsoft\User Account Pictures\user.bmp.exe Usog.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png AAso.ico IIES.exe CUYE.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe AQwo.exe EcIS.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp cIIk.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UQgw2.png C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png C:\Users\All Users\Microsoft\User Account Pictures\Default 
Pictures\usertile41.bmp C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe ogwS.exe yAgm.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\GoogleUpdateSetup.exe scsw.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\LwzoHd rIuuzn\pWwabxs7HAaBn.mp3 gwgM.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\bd2xxtoWGvfMY.pptx C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PLtGkcFm3nh.pdf KgsG.exe OUgE.exe KcsQ.exe gkAs.ico GcAi.exe C:\ProgramData\Microsoft\User Account Pictures\guest.bmp KcUE.exe eSUY.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\clickonce_bootstrap.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.exe ACoI.ico CAEg.exe C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe CmMk.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\78BglU.jpg C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe AQgI.exe C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\G3iRv2GNMb5Bfh.pptx gEki.exe gyoU.ico CwMe.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\pmrbXzZ.bmp.exe wqQk.ico wGMY.ico C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp MIYi.exe cYcs.ico Ecwc.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe QUAW.exe iaks.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J6hSP82CM3ZgN9hvRkf.ppt.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ua2D 6djdE_2ie.pptx sAQw.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_16.png C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OgwjX5Eq.pptx C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp qUEA.ico mqkk.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp agwo.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ee3sNdXb 1.docx.exe cCQw.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\kTjFYVFAn4.mp3 Eykg.ico C:\ProgramData\VWcUEoYI\ssYIYkgc.exe C:\ProgramData\GSogosQc gmQw.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp MksW.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp OAkA.ico C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg kwsC.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\a5lNIpKaFDZ8fs9F1EOh.mp3 ugow.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BEOhmrO5Yqwlk.xlsx Scgq.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\flapper.gif.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\s7gIH4.xls iiIE.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe qAkG.exe C:\Users\5p5NrGJn0jS HALPmcxz\duIwksoU iAck.exe igYm.exe IwAA.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8u3vAjhVmgVFEJGJJiS.jpg GCAM.ico Wigc.ico C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qm6pwnSlzaybvZ1vQHM.xls EckA.ico EoMq.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wNq0KKG.bmp GuME.ico KoQU.exe 
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp sMQA.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\Pkdg0v0Bp.pdf.exe C:\Windows\system32\config\systemprofile\duIwksoU\BUccwoAg icIQ.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\iEEOjUdv0Wj0JqvTmm.gif QgIo.exe mkUM.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\cei_aLrIfi.png C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp gAAg.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\UuC6hNqWj.gif AcQS.exe UAYI.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png.exe IAwK.exe C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_pressed.png C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UQgw2.png.exe QEcK.exe kQYS.exe MGYI.ico IqME.ico yaQc.ico igQG.exe UQAG.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.exe oEYY.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_128.png eYoA.ico GQIA.ico KWoQ.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_128.png.exe cWwk.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\wIlYNc.gif.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\wlxAu7b3.pptx C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe C:\ProgramData\Microsoft\User Account 
Pictures\Default Pictures\usertile30.bmp.exe oYUS.exe C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1PKtjDbenf.bmp.exe ywks.ico C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.exe OQYU.ico kQgG.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SosFgWq6fny qM.docx.exe QCkc.ico C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png gyos.ico ewAm.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RnnR-.xlsx UeEQ.ico oosc.ico mkwA.exe iqgc.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BEOhmrO5Yqwlk.xlsx.exe iMoQ.exe iCIo.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\XaAsLYDJsFXx7IQhvgc.mp3.exe GAYU.exe csIO.exe GAIc.ico cAIY.ico C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\IADcQgA2vzv_FJer-q5.gif.exe QAMK.exe yMMg.exe C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe AAsA.ico C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE YYkQ.ico cwIs.exe yIMY.exe isAm.exe oeIE.ico cIYc.ico CYwM.exe uKAk.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.exe ckwA.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe kwsA.exe oYEa.exe gAgw.exe eUkk.ico C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\F3NVpts.docx iYUA.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\nTJeTyZOCSW507E.gif.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\deAYMjHUcE.xlsx C:\Users\5p5NrGJn0jS HALPmcxz\Documents\usTFGNw.docx.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\F3NVpts.docx.exe YcMM.ico EyYc.ico eIEk.ico UgcC.exe WYkA.exe skUw.exe aYIw.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GIAr Ain.doc.exe uogK.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp gwcK.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\Pkdg0v0Bp.pdf mkoM.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Q0VMV.gif.exe caMI.ico QEEc.exe KWog.ico KsIk.ico UsQY.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\7vo-oYPVdRwSYh4Y.pptx C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\IADcQgA2vzv_FJer-q5.gif C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp WEAI.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\g1_X_hewKjDbJqRQoGji.jpg C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe uUUA.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe sMYu.exe cygY.ico UQwq.exe UYgy.exe caMk.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\88fGHH-bB.png AkMO.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\rUpoIpuds.xlsx.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bk8hocTy38s.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\KPwSrol.mp3.exe CIIM.exe C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp OgAC.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4rw7vaEjNZsnnNC54KQ1.png C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png goYo.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j0IStif.png C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp aeYI.ico mYUg.ico wAwu.exe C:\Users\All Users\Microsoft\User Account Pictures\Default 
Pictures\usertile30.bmp iEEE.ico aeks.ico MGkM.ico YmAA.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\oLtXUtj gWpb1gQ.png.exe C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe WYco.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8u3vAjhVmgVFEJGJJiS.jpg.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8Mwv5DNYyrtv1aafOHyX.png C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\F_hGjv.gif C:\Users\Public\Music\Sample Music\Kalimba.mp3.exe C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\1 P01gEwYd.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\pmrbXzZ.bmp C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\chromecast_logo_grey.png C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp aogg.ico C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pVsiR.bmp C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pVsiR.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\7I1WHWQa4 Pt.gif.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\myKsW57tzCY.png sUsU.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gCYPffwRu.bmp.exe uQQI.exe yowi.exe sqss.ico C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png wysI.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\juzCN enZxbJNy2q.bmp.exe CCsw.ico IwES.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j0IStif.png.exe C:\ProgramData\VWcUEoYI C:\Users\Public\Music\Sample Music\Kalimba.mp3 C:\ProgramData\Microsoft\Device 
Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png GIcW.exe wYko.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Mozilla\Firefox\Profiles\silmbjec.default\thumbnails\4cc87c1409819bf06f42b782d4902b2f.png.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp UoMm.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe SwQY.ico C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe CYUY.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\rUpoIpuds.xlsx YWEQ.ico ggEI.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\GoogleUpdateSetup.exe EOQM.ico C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe QUYI.exe C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe oOwM.ico UAAM.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe GQgm.exe ukkw.ico OUYk.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe UYEQ.exe qEIi.exe YgoS.exe gQII.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\a5lNIpKaFDZ8fs9F1EOh.mp3.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp WYwu.exe UAsy.exe YKos.ico WeQc.ico Wgce.exe gAgE.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\sTl.jpg iUwM.ico C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe YgMU.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.exe C:\ProgramData\Microsoft\Device 
Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\88fGHH-bB.png.exe C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe Igow.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\9RW6e1n-GCBYX2lDor.gif.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_16.png C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe eUYq.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Mozilla\Firefox\Profiles\silmbjec.default\thumbnails\4cc87c1409819bf06f42b782d4902b2f.png MQEY.ico C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O9Mg5g.png.exe MoMC.exe wEIA.ico Ymsk.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe AsII.ico wIMU.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\g5Ta-8tpOnU_t\4m_lVFwhVIo9K3s29cE.mp3.exe KysQ.ico uSgc.ico IuoE.ico ccgE.exe C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe kkQi.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp QEgi.exe AgsO.exe UAQG.exe eUsk.exe IWQU.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\usTFGNw.docx wYQW.exe CQoQ.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\7PLBEF97cmxKYRh.gif C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\F_hGjv.gif.exe C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp YKUI.ico uEoQ.exe auYY.ico C:\Users\Public\Music\Sample Music\Sleep Away.mp3 kcEi.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wNq0KKG.bmp.exe wywI.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S0hxY4y7RcgUxJ5MN5.gif mEwc.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\7I1WHWQa4 Pt.gif YAUG.exe YgYk.exe KYIM.ico C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png.exe IAQK.exe MmIE.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe yykk.ico C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\78BglU.jpg.exe C:\Users\5p5NrGJn0jS HALPmcxz\Music\k8qweN-IiSAnrvYNZ7\qQWc7W\eeJrg3PiYYolM n\uQXzSmxCBU\Xt7NR_n-E.mp3.exe oyEo.ico C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Q0VMV.gif kUoW.exe KEMM.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\G3iRv2GNMb5Bfh.pptx.exe sAcE.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.exe oQYq.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\wIlYNc.gif qukE.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QJcq9GpDqe4-VG.mp3 C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe MwMm.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp kEwU.ico gYEW.exe AuIo.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe YAQm.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png mAMA.exe C:\Users\All 
Users\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1PKtjDbenf.bmp C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\nTJeTyZOCSW507E.gif yUgY.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xmkw.docx C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png ycIU.exe AEAG.exe IsYu.exe gocU.exe uUUu.exe C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.exe Eksm.exe awUo.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe cIcg.exe YOsg.ico C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.exe MKMQ.ico C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp.exe IAsk.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp cUcK.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PLtGkcFm3nh.pdf.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Q-fAoy7DIswlc14E0gQM.png.exe AMsI.ico GgUQ.ico UmUk.ico C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xmkw.docx.exe yUcC.exe C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\0x8VAeJ hT.gif.exe C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.exe C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp wggO.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\aeUZDcfwYaGG.pptx.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\sTl.jpg.exe iIcs.ico UUkA.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\orK4KBZEkNKP6.pptx C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp C:\ProgramData\vgYI.txt KkoE.ico C:\Users\5p5NrGJn0jS 
HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip.exe wIQw.ico cEsK.exe GIkk.exe C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\llWF1\D_sHzEN-YqCs.doc eQwE.exe C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png guUg.ico C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp cIga.exe C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wADGM-Om NZHxCf\uJZobNbsSsvQ.bmp CyUk.ico Kkcw.exe IEwg.ico kowE.exe YAEq.exe C:\Users\5p5NrGJn0jS HALPmcxz\Documents\fzevtocoruBc4yG1S.xlsx.exe MD5 hashes: c6c814b3994303a5a36725c897abf949 f0a313942dabb889bd5ffecb3f6f7ef3 1dc9cf3c208fbc9eb88fb5cd45b78af3 3670e405865c9a60aeac56eb66422a7b 4fb2382b7c4e49880851c42cad35e269 83b6ef670dc0895ad0fb5cad0c7fc5f9 b9b9d5a472919b725370df5f7199ed5b 1003785cbf380f470371c2799e02d699 57cc2b30cac70e137d08651edb646664 61b36f23ac93e0eeaeb989af2bd8386d d41d8cd98f00b204e9800998ecf8427e SHA1 hashes: b82df005aed57adeaf019f4c55ad1499afe549f5 da39a3ee5e6b4b0d3255bfef95601890afd80709 88944bb2fe5960c306cd5615ce6821e05a6ed9a4 688b9d07447f22980847f0a27407ec07139b2514 df05cc6a905260ead7e865064c537e17797b40b9 8d75ffa43cc2c2f6cb3181f03e056b7e2c434551 fd47823dd185fc024318c1d6a872bb5055aa6653 1daa5d6e72e61d9900f6d19826c033ca38955a74 8f20935d4cf7cb8bdf0e79c089b1d4ed27e50b46 6b4b6a3ae92084d78e50277896fe9e9e297acae9 ec56bf4915d371fec52ab5011a90dc241df15525 SHA256 hashes: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 6d555ad988cdbd5a6db0be779994b1e0268bc1f6a8ab77fa8a3da09169e07cb1 32f7a9e9e50f7a4f14cf9667bf30f7b51dc2937cee18c3c5fe97773767c41ff0 83d9dea522bed400139aa27d1c9be33327a94ecdf2ceb6501f70a10489e7c57a 90ceecbaefccc710099189ba6d56cd73c6389a25f4e1922583a97e6979a3491c f10c97f076066b1d4051e5b39ebd2dfde3a4895d310367c5c34c718904d26cdb 
a6e3ee00ff2273a1ad33cb0751aa651e83ce4151a3eb1f868af8619a2960eafa f95338aec49f5cf3e62903cde9ebbbe39e15f6c9aa4fb020dffc4c181afd5476 3f6f4f642019e346f95e7cba8a3941999b57bee885b62b373426495424bd45a2 690343fe8c71a049150e3fe80d65421bc318b39d5d7bd7a00ea423cf1e6119dd f5aaa1ffb2213d1279b3e8ba0b499688dbce99175eb5550377ebd4c2b18c1787 SSDEEP hashes: 768:FtSlWJWbKbKHVXHol7kKBbaCBWcv5LmGWraVUPphChzwN3AKr6H/1ZFsWAIKccUo:FtWWJWbKbKHVXHol7kKBbaCBWcv5LmGq 12288:7EfjWoEu/PTrUjPN/X5Ngp5UaTX3Ce7LpqGDSlXANfCvA+9E4kYSnd7e74JzENtS:QCoEu3U5freye7HhFE9eLdLx0Wu2J 12288:CkxD72jNNTA8f5Dj9InOHzmD8zydV20qc6hy6gsJ1x:CkxqYOHiD88Vb96g6gsJj 12288:ikgoVNZw1g0RFyZIzXF1WF/9EkEomts4J3Iuy3NiPKKlCvkiUMd0ON0Y4G08GEJH:3goVNZw1g0RFyZIzXF1WF/9Ekzma4hEt 12288:mzUGV8+7jZegjTYUDAKH9RSmXvYitIt08N2n2:EMudLnAKdRSiJy42 12288:/EfjWoEu/PTrUjPN/X5Ngp5UaTX3Ce7LpqGDSlXANfCvA+9E4kYSnd7e74JzENtm:MCoEu3U5freye7HhFE9eLdLx0Wu 48:3Wq5sRyjUN9AmpjxjrPseFWK6ZwV+j7A6/sdVRAkOfTIEyYUvZ+6E9ApHTn:3W2sRgc99pjxX87ZwMA2sZEChHECz 12288:cEfjWoEu/PTrUjPN/X5Ngp5UaTX3Ce7LpqGDSlXANfCvA+9E4kYSnd7e74JzENtm:1CoEu3U5freye7HhFE9eLdLx0Wu 6144:6T49iYu7drWwizUmqCRAuxpmehFCBV+IKkTgqAsC9v5wdyX1e2HugbVQmmx5uyvm:417PizFIEpmmFCn5bGvVUgbVQmmHxgb 3:: 48:AEBqIvPIDhw8rXG6qv+IYddwazbqvj6RIFwvY0jKYgxCLP:AEFMhXG6+xYTwadY0jMxK
Note on the hash lists: the MD5 d41d8cd98f00b204e9800998ecf8427e, the SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709, the SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 and the SSDEEP value 3:: are the digests of zero-length input. They match any empty file, not an artifact specific to this sample, so exclude them from blocklists and hunting queries.