486f405d...e9aa | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan

Remarks (1/1)

(0x200000e): The overall sleep time of all monitored processes was truncated from "5 minutes" to "1 minute, 20 seconds" to reveal dormant functionality.

Remarks

(0x200000c): The maximum memory dump size was exceeded. Some dumps may be missing in the report.

(0x200001d): The maximum number of extracted files was exceeded. Some files may be missing in the report.

Filename Category Type Severity Actions
C:\Users\FD1HVy\Desktop\ConsoleApp1.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 17.10 KB
MD5 b2941a554d6db6eeeeceab24fae5e961
SHA1 52bc6d9c3a612fc31e57aac69b6d927d232d66d3
SHA256 486f405db5b12cd436fc2444ea3f34a754584d6dd61c6a4f20773810cfcbe9aa
SSDeep 384:YSI3AJQjfb0wFKXzrlV9a2bAMSZSir3gMS13BG09:Yt8wFqM2bPahWRG0
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
File Reputation Information
Severity Suspicious
First Seen 2019-06-03 10:55 (UTC+2)
Last Seen 2019-06-03 11:10 (UTC+2)
Names ByteCode-MSIL.Trojan.Encoder
Families Encoder
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x4059e6
Size Of Code 0x3a00
Size Of Initialized Data 0x800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2098-03-29 05:49:16+00:00
Version Information (11)
Assembly Version 1.0.0.0
Comments -
CompanyName -
FileDescription ConsoleApp1
FileVersion 1.0.0.0
InternalName ConsoleApp1.exe
LegalCopyright Copyright © 2019
LegalTrademarks -
OriginalFilename ConsoleApp1.exe
ProductName ConsoleApp1
ProductVersion 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x39ec 0x3a00 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.7
.rsrc 0x406000 0x5bc 0x600 0x3c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.1
.reloc 0x408000 0xc 0x200 0x4200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.08
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x59bc 0x3bbc 0x0
Memory Dumps (9)
Name Process ID Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
system.core.ni.dll 1 0x70360000 0x70AB5FFF Content Changed - 32-bit 0x70555710, 0x704E8E34 False False
system.core.ni.dll 1 0x70360000 0x70AB5FFF Content Changed - 32-bit 0x704E6328 False False
system.core.ni.dll 1 0x70360000 0x70AB5FFF Content Changed - 32-bit 0x7054A340 False False
system.core.ni.dll 1 0x70360000 0x70AB5FFF Content Changed - 32-bit 0x705546CC False False
system.core.ni.dll 1 0x70360000 0x70AB5FFF Content Changed - 32-bit 0x704E6328 False False
system.ni.dll 1 0x70AC0000 0x7149EFFF Content Changed - 32-bit 0x70C01E90, 0x70C5A720, ... False False
system.ni.dll 1 0x70AC0000 0x7149EFFF Content Changed - 32-bit 0x70BFD3E0, 0x70C59EE4, ... False False
system.ni.dll 1 0x70AC0000 0x7149EFFF Content Changed - 32-bit 0x70BFD3E0 False False
system.ni.dll 1 0x70AC0000 0x7149EFFF Content Changed - 32-bit 0x70C5DF80, 0x70C74E58 False False
Local AV Matches (1)
Threat Name Severity
Gen:Heur.Ransom.Imps.3 Malicious
C:\588bce7c90097ed212\DHtmlHeader.html Modified File Text Unknown
Also Known As C:\588bce7c90097ed212\DHtmlHeader.html id 7162402[Foxdecrypt@protonmail.com].vendetta (Dropped File)
Mime Type text/html
File Size 15.75 KB
MD5 67f1f15a7ccc24ba22c4d0b3a29883f9
SHA1 2890355c46b43007e454544996995cd4da788590
SHA256 18bc1caa93b69475f6b79ee8ca5fe1ee1fa62cfb95e0022b98be535ea890cd1f
SSDeep 384:eyFzr7vaPhrjNmlrTARyPnBf1bOezP2PZ2W:eyFzaxjGAwPnV1bbDyF
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
C:\588bce7c90097ed212\DisplayIcon.ico Modified File Stream Unknown
Also Known As C:\588bce7c90097ed212\DisplayIcon.ico id 7162402[Foxdecrypt@protonmail.com].vendetta (Dropped File)
Mime Type application/octet-stream
File Size 86.47 KB
MD5 d6d2a076fe89b1b77207eaf13e7e5ff8
SHA1 270a07afeb9fa410da77b3ba7e950ad0062c0146
SHA256 69a14113ede07cb03f6e048cc252e53411138c7bd2bf3737803224b84d28e0ef
SSDeep 1536:zEMH1TtIHSX9aw+mvgs8j9YPRerKgcpRZ1+tPCcQCXev2BJ83FMWySVRp8K:zlTtMSAwg9m3p+Jv+O4uSV
C:\588bce7c90097ed212\header.bmp Modified File Stream Unknown
Also Known As C:\588bce7c90097ed212\header.bmp id 7162402[Foxdecrypt@protonmail.com].vendetta (Dropped File)
Mime Type application/octet-stream
File Size 3.55 KB
MD5 9fbaec01943e45057d3b26fdb3940ea0
SHA1 4e1e23cf63e06cd10f9965f0e27ff88035c876e5
SHA256 1d89f72fa479a2e3fe1f63781ac2977b851b571a98e273fcfd3f20bd54a1e8ef
SSDeep 48:EUkZqgDDsz0X/x1zCR4/Edq7Oi+csJ1jrG6Y5Piyn9hKDQuRBdX:EzqOTXp1J/0sD+lJNrG6ciEGQuvV
C:\588bce7c90097ed212\netfx_Core.mzz Modified File Stream Unknown
Also Known As C:\588bce7c90097ed212\netfx_Core.mzz id 7162402[Foxdecrypt@protonmail.com].vendetta (Dropped File)
Mime Type application/octet-stream
File Size 173.08 MB
MD5 26ed362e271a3220b08f10d4cf083268
SHA1 05a391fe45bd1e72ef7b8494d56717132cda7bf0
SHA256 a9aa29a0289599aecdb27bd04b70a9b38043998cd691082df49dfa4537a1f67c
SSDeep 196608:604YyKSBXZ35w+KBK2KJKn0W46ooP8ZNoz+hK12RPUlt:34Y7qZ3CwFIn0W46ooP8Zyz+hm62
C:\588bce7c90097ed212\netfx_Core_x64.msi Modified File Stream Unknown
Also Known As C:\588bce7c90097ed212\netfx_Core_x64.msi id 7162402[Foxdecrypt@protonmail.com].vendetta (Dropped File)
Mime Type application/octet-stream
File Size 1.81 MB
MD5 eb2bbf4a9e26eeb42fb05de1849ef3ab
SHA1 3283446627636f51240985a2d0f44708273b3640
SHA256 f09ef2753bdbba4f081840421578624125bdda2a1fc4d976ff217838ac63499b
SSDeep 24576:wjIM0hgB8m+dqpELQ8Eo2EqodjXNwUVpqeiIk1bevLmic7ZDmUB9HgtbqV2jELdq:wKXmzKLIhgjXNwa2ST5Oh92qV27OIrYe
C:\588bce7c90097ed212\netfx_Core_x86.msi Modified File Stream Unknown
Also Known As C:\588bce7c90097ed212\netfx_Core_x86.msi id 7162402[Foxdecrypt@protonmail.com].vendetta (Dropped File)
Mime Type application/octet-stream
File Size 1.11 MB
MD5 ee0e2468e5e7adafe0c531873ee94ae7
SHA1 96cb13c0668e5b5bb14700abcc4e8c80475cf3b6
SHA256 0bcfeb0165233da4f98e4f8e858722f520465c1e8085fbfb05f7c89066b563bc
SSDeep 24576:NpDmY0E3gxUPzdYxar/JpGeyMGuxwpoGKgX4R2QFVkb98+:NpddAarGeKuxwpoX44R2QrkBb
C:\Users\FD1HVy\Desktop\passwordd!.txt Dropped File Text Unknown
Mime Type text/plain
File Size 129 bytes
MD5 d151cc340bc71ee0c625442c82581ee7
SHA1 a758af2506687cf6a366547b79f5e4d9615c3367
SHA256 86674c2fac2188b122b17ab40c0f9b942906456a831886143925fd139c1372b2
SSDeep 3:UjHXLKSLEPGXNbsAtSd/2nKgz25fygTskVkOXfFUnob:UjHXLKSYuXhsudnK3ftTvk/K
C:\Decrypt.txt Dropped File Text Unknown
Also Known As C:\$GetCurrent\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\TempState\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.1_8wekyb3d8bbwe\AC\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.1_8wekyb3d8bbwe\AppData\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.1_8wekyb3d8bbwe\LocalCache\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.1_8wekyb3d8bbwe\LocalState\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.1_8wekyb3d8bbwe\RoamingState\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.1_8wekyb3d8bbwe\Settings\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.1_8wekyb3d8bbwe\TempState\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.3_8wekyb3d8bbwe\AC\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe\AC\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\km-kh\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\kn\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\ko\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\kok\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\ku-arab\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\ky\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\lb-lu\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\lt\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\lv\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\mi-nz\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\mk\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\ml-in\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\mn\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\mr\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\ms\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\mt-mt\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\nb-no\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\ne-np\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\nl\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\nn-no\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\nso-za\Decrypt.txt (Dropped File)
C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\or-in\Decrypt.txt (Dropped File)
Mime Type text/plain
File Size 698 bytes
MD5 47e52957d4a336e7c82e24307ae8724b
SHA1 7f1c3053c469bed4ba6cae039160b062251814b0
SHA256 59a25de0429787a6f9558806c05e83cc7331591f759b609bd580f9c35bbc10c6
SSDeep 12:AWQnjjs9JMOBzQ7DUWZ79HtZeTnR6tFzlDzcDIwFNSVMue1DpN9:+Y9KOBzQ849HtYnR6PzlDzlep9