Sample File:
MD5 hash: 5ea82f3fecbebe37cf282c813a0b8466
SHA1 hash: ee9f072a9c774f3a75ec2dc61cdca97c70196be5
SHA256 hash: 680949c3c5b4b6ffdbe297fcb15096b5d53c8480d0c53ab4dd9801d711a78f31
SSDEEP hash: 3072:skX/5R+RdZCrw3xieUnoVpboZoYztsQiQuo5c:skX/AXZUOboqjQ35
Filename(s): ransom_poc.exe
Filetype: Windows Exe (x86-32)
Mutex IOCs: - None -
Registry Key IOCs: - None -
Domain IOCs: - None -
IP IOCs: - None -
URL IOCs: - None -
File IOCs:
Note: paths listed without a .JAMES suffix are stock Windows and Office installer-cache files that are normally present on a host with those products installed, so they are not indicators on their own; the distinguishing artifacts in this list are the .JAMES-suffixed copies and the c:\windows\JAMES\ directory.
Filenames: C:\\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini C:\\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.JAMES C:\\BOOTSECT.BAK C:\\Boot\BCD C:\\Boot\BCD.LOG C:\\Boot\BCD.LOG1 C:\\Boot\BCD.LOG1.JAMES C:\\Boot\BCD.LOG2 C:\\Boot\BCD.LOG2.JAMES C:\\Boot\BOOTSTAT.DAT C:\\Boot\BOOTSTAT.DAT.JAMES C:\\Boot\Fonts\chs_boot.ttf C:\\Boot\Fonts\cht_boot.ttf C:\\Boot\Fonts\jpn_boot.ttf C:\\Boot\Fonts\kor_boot.ttf C:\\Boot\Fonts\wgl4_boot.ttf C:\\Boot\cs-CZ\bootmgr.exe.mui C:\\Boot\da-DK\bootmgr.exe.mui C:\\Boot\de-DE\bootmgr.exe.mui C:\\Boot\el-GR\bootmgr.exe.mui C:\\Boot\en-US\bootmgr.exe.mui C:\\Boot\en-US\memtest.exe.mui C:\\Boot\es-ES\bootmgr.exe.mui C:\\Boot\fi-FI\bootmgr.exe.mui C:\\Boot\fr-FR\bootmgr.exe.mui C:\\Boot\hu-HU\bootmgr.exe.mui C:\\Boot\it-IT\bootmgr.exe.mui C:\\Boot\ja-JP\bootmgr.exe.mui C:\\Boot\ko-KR\bootmgr.exe.mui C:\\Boot\memtest.exe C:\\Boot\nb-NO\bootmgr.exe.mui C:\\Boot\nl-NL\bootmgr.exe.mui C:\\Boot\pl-PL\bootmgr.exe.mui C:\\Boot\pt-BR\bootmgr.exe.mui C:\\Boot\pt-PT\bootmgr.exe.mui C:\\Boot\ru-RU\bootmgr.exe.mui C:\\Boot\sv-SE\bootmgr.exe.mui C:\\Boot\tr-TR\bootmgr.exe.mui C:\\Boot\zh-CN\bootmgr.exe.mui C:\\Boot\zh-HK\bootmgr.exe.mui C:\\Boot\zh-TW\bootmgr.exe.mui C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.JAMES C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi C:\\MSOCache\All 
Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.JAMES C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.JAMES C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.JAMES C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.JAMES C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.JAMES C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.JAMES C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.JAMES 
C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.JAMES C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.JAMES C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.JAMES C:\\MSOCache\All 
Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.JAMES C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.JAMES C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.JAMES C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.JAMES C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.JAMES C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.JAMES C:\\MSOCache\All 
Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.JAMES C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.JAMES C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.JAMES C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.JAMES C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.JAMES C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.JAMES C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml C:\\MSOCache\All 
Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.JAMES C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.JAMES C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi C:\\MSOCache\All 
Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.JAMES C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.JAMES C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.JAMES C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi C:\\MSOCache\All 
Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.JAMES C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.JAMES C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.JAMES C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.JAMES C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.JAMES C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.JAMES C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.JAMES C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.JAMES C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.JAMES C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.JAMES C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.JAMES C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab 
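C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.JAMES C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.JAMES C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.JAMES C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.JAMES C:\\bootmgr C:\\hiberfil.sys c:\windows\JAMES\ c:\windows\JAMES\EncryptedKey c:\windows\JAMES\Encrypted_Files.txt c:\windows\JAMES\KeyHash c:\windows\JAMES\james_flag
MD5 hashes: d41d8cd98f00b204e9800998ecf8427e
SHA1 hashes: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 hashes: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDEEP hashes: 3::
Note: the MD5, SHA1 and SHA256 values in this File IOCs section are the well-known digests of zero-length input, and the SSDEEP value 3:: likewise corresponds to empty content. They identify an empty file rather than anything specific to this sample, so they will match unrelated empty files and should be kept out of hash-based detection and block lists. Match on the sample hashes at the top of the report, the .JAMES extension and the c:\windows\JAMES\ paths instead.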