VMRay Analyzer Report for Sample #20929 VMRay Analyzer 2.2.0 Process 1 2808 crypt.exe 1016 crypt.exe "C:\Users\5JgHKoaOfdp\Desktop\Crypt.exe" C:\Users\5JgHKoaOfdp\Desktop\ c:\users\5jghkoaofdp\desktop\crypt.exe Child_Of Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Deleted Created Created Created Created Created Created Created Created Created Created Created Opened Opened Process 2 2540 #decryptor.exe 1016 #decryptor.exe "C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe" C:\Users\5JgHKoaOfdp\Desktop\ c:\users\5jghkoaofdp\desktop\#decryptor.exe Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Read_From Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Deleted Deleted Deleted Opened Opened Opened Process 3 960 #decryptor.exe 1580 #decryptor.exe "C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe" C:\Windows\system32\ c:\users\5jghkoaofdp\desktop\#decryptor.exe Read_From Opened Opened Opened File microsoft\hash microsoft\hash c:\ c:\microsoft\hash MD5 79570daf5afe49ef71c9148c51aa1dda SHA1 b6a11a5f191391aca1095932d387945c9ef934a3 SHA256 a963f08069a8ba118efd65291347f46968be1e5a02bb81036ed3584ea972f0e3 File users\5jghkoaofdp\documents\-spm6vjb.odt.lime users\5jghkoaofdp\documents\-spm6vjb.odt.lime c:\ c:\users\5jghkoaofdp\documents\-spm6vjb.odt.lime lime MD5 b4d942f4683ba6b39b7cce37c902355b SHA1 a66b7f2d457ac42df6587b1831ecadaeaae35e56 SHA256 a44f8fcfa0d42cf77ef27e2ce5acf0ad9b4ae77ec6f5be9de07f78ac14ec11ce File users\5jghkoaofdp\documents\0u2ya.docx.lime users\5jghkoaofdp\documents\0u2ya.docx.lime c:\ c:\users\5jghkoaofdp\documents\0u2ya.docx.lime lime MD5 2546d9ba9be02db58e8fe966ab91caea SHA1 c0ebdbc21ddb63954919b3a45b392151fbc9f16b SHA256 1efd55214870714732c1e9503d42c853f342603c93207dbe729325729689ef2b File users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf.lime users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf.lime c:\ c:\users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf.lime lime MD5 4919359f1310c4aefcda111370faf616 SHA1 6b7f727a9b5a7f2de9f5494d8cce8678cd9d4ca8 SHA256 de60cda7106e04857a224b2c139381dc5907348f8465827ad0366ea471ccbf64 File users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx.lime users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx.lime c:\ c:\users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx.lime lime MD5 424c59058aaca748e44049c9abc42f85 SHA1 62f42f357977e8edb15a956b472846fd42cf756f SHA256 bbf01e9b2887fadc026683f02a469d7f991fac5240fc3777ecf3f6f3b1e0cb96 File users\5jghkoaofdp\documents\aeghbubms5ntl.pptx.lime users\5jghkoaofdp\documents\aeghbubms5ntl.pptx.lime c:\ c:\users\5jghkoaofdp\documents\aeghbubms5ntl.pptx.lime lime MD5 815ee7a3f7a76c7f3b38c1ae17fcd72e SHA1 8abce056fbccf6c09114555e172441aa16c67561 SHA256 2189fcee260e07ef63e22ce138ade649ed24c8d061e292d7f64593b93e2a928b File users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx.lime users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx.lime c:\ c:\users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx.lime lime MD5 862921b589b1174597317f170cbab044 SHA1 9fe9f87c32d73f2054d4fe01b35d096b0f6e3a47 SHA256 bd1b4d09a8585e5676e94e24ffb2ebd2be748da757059de0792829119d1bf1ba File users\5jghkoaofdp\documents\desktop.ini.lime users\5jghkoaofdp\documents\desktop.ini.lime c:\ c:\users\5jghkoaofdp\documents\desktop.ini.lime lime MD5 c9b46817038fb05173f74b2790bbc4ce SHA1 cc9f85de2a7c64983b76b792c886127d138a5aed SHA256 db5d72c549b2858b34b9b5e3c30992eddabea01e5932f4c96f85fff201341613 File users\5jghkoaofdp\documents\erhcl a2gbl1at.docx.lime users\5jghkoaofdp\documents\erhcl a2gbl1at.docx.lime c:\ c:\users\5jghkoaofdp\documents\erhcl a2gbl1at.docx.lime lime MD5 8a71b4f4b4ad2e149140cb2b622b1fad SHA1 88449cd7ef630459459cca28010d9ca8afe14b34 SHA256 515ff8c559e9c6e7954935a84d186ab4d02babe1ba2aabf27f31bc230828bfeb File users\5jghkoaofdp\documents\eyedf199l.xlsx.lime users\5jghkoaofdp\documents\eyedf199l.xlsx.lime c:\ c:\users\5jghkoaofdp\documents\eyedf199l.xlsx.lime lime MD5 ae2cdd9a7f32633b027bd575d0f113dc SHA1 53cb828326932fff1ad9caea8f57461806bb230e SHA256 bea704f52a0f00d060ac9941e436d630e7cada31f56fb73e48af2218d2411796 File users\5jghkoaofdp\documents\g 5zx6m5n.docx.lime users\5jghkoaofdp\documents\g 5zx6m5n.docx.lime c:\ c:\users\5jghkoaofdp\documents\g 5zx6m5n.docx.lime lime MD5 94bec26d56d482bd139bdfb85b01cec0 SHA1 a9dc1a26b2b735e470a74a18e40944eb7b4bd7ce SHA256 85cbd08116d0556bf80968bdae8afba8d4e59270cee8f0c4d8ca0097661246bc File users\5jghkoaofdp\documents\gmur.xlsx.lime users\5jghkoaofdp\documents\gmur.xlsx.lime c:\ c:\users\5jghkoaofdp\documents\gmur.xlsx.lime lime MD5 00921b3dd8f8a0b4c3c838ce320f8d51 SHA1 5d5dd5fed4d0390fe22f9e93247b43b68f7ef5c6 SHA256 9ef6930900b28d361eaa83d4cd61d1525e143c3ccffc312a22644d23aa27f4a4 File users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx.lime users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx.lime c:\ c:\users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx.lime lime MD5 b2c1aba23191532fc0d783f69e75770f SHA1 4858c75da24b0b7dfd769f7b3da5d4405b6fc45c SHA256 3d4def9f5b6a66da1060a8388b8d0119ebd8d0a56c4091682ede7fe757adb9db File users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt.lime users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt.lime c:\ c:\users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt.lime lime MD5 43785acb2b4829ee93a6166f488f3f43 SHA1 dc663c05346efb28562d5a1c7fc5c82a2cab90ca SHA256 9a4d4bffaa3f4693a95905f1d125f721d3926beb00104f4b035c6b54d8c60714 File users\5jghkoaofdp\documents\oczespochpv.csv.lime users\5jghkoaofdp\documents\oczespochpv.csv.lime c:\ c:\users\5jghkoaofdp\documents\oczespochpv.csv.lime lime MD5 b7246b6277c064427412b2b3f7ce6ffc SHA1 d55113611d99fcf8132db6c89e38a7035fb4b7c5 SHA256 c6a0f5d5f54b84da2cde0afe2ed7cde7095f06df136891752e06bec52fd7cd01 File users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx.lime users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx.lime c:\ c:\users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx.lime lime MD5 5ff36f203bba5b322f5b8687bfc8f0a2 SHA1 f0c3ca41a1e38db91f05d0bd1a007d3294ed2770 SHA256 5957d364d5e8c1b48c1b42eeb3fa02f4d4c5c3e2f1829a182d2a5445b576abe7 File users\5jghkoaofdp\documents\x7nab3sx5u.pptx.lime users\5jghkoaofdp\documents\x7nab3sx5u.pptx.lime c:\ c:\users\5jghkoaofdp\documents\x7nab3sx5u.pptx.lime lime MD5 db0cc0cdc6760daae4c33c0948512fb6 SHA1 43fcfa1a53d7bc16eb97c3f98fc7241c186d6659 SHA256 8f9a92d8c392f354ee9843901e1f5d0fd331f6056f1e3528118caa998ec2b9b9 File users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps.lime users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps.lime lime MD5 eda419c37b32c3b4aa1b721cb678a437 SHA1 82d30c13eee7e1277275b27a50bb7dfacdb8cc9d SHA256 9dbeee248a82d89fc500ef79880ab80c3b3d8a95cb60c8866ec1bd13bc317b91 File users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps.lime users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps.lime lime MD5 846a4dddd2a1dd6c856e3040ff20f2bf SHA1 f40041b3f0a9f0d460112b99798a88b002695f16 SHA256 30012a509d48b4fa6da6e0e0b242526de79aaa8cbe373971c02ac7f10d58e540 File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\dupiwyyc2jp.docx.lime users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\dupiwyyc2jp.docx.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\dupiwyyc2jp.docx.lime lime MD5 3de5fba903cec3f1edbd740b43e4c9f0 SHA1 1a0cb04b9f174a09eb689fd29cd48343a10634c8 SHA256 0ad60be3f262f563d7fbebba20b4f7cb87c04e2e4c5e4de572b83266220a0cf9 File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\gtn-k.odt.lime users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\gtn-k.odt.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\gtn-k.odt.lime lime MD5 f341d44e54207d2b5ecafa488e0d6d41 SHA1 42d2bd5e141cb52a34ea655dbf88e39ba694cad5 SHA256 b5868ee3bca2076893a61add47be36d73e56868bf2aa8129431eaddafc11bc59 File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\mt8ryidfz3cr.pptx.lime users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\mt8ryidfz3cr.pptx.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\mt8ryidfz3cr.pptx.lime lime MD5 df4afaf4f93aaceb0d4e62cef5a86cf4 SHA1 abc7b577d51e6d8223fde047b95fdc56becb5f20 SHA256 9216bc5e02ff640e2cd85f6dc7035a0ba6ea016b074346d374f65c47880cb038 File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nadn7qwb885nzat o.odp.lime users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nadn7qwb885nzat o.odp.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nadn7qwb885nzat o.odp.lime lime MD5 f15adc0f50a7dc19f47f0d00b75ed444 SHA1 516a82381412d27d61ca16b172cef47848ac2a27 SHA256 64e84454898b46715d6c573f812a36236bf4585e169553cf2bb5af036339e916 File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nuvav.rtf.lime users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nuvav.rtf.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nuvav.rtf.lime lime MD5 ae505c67a1f9c6807e2e64ebdff8c37b SHA1 f91536a2dc4a9e9fb00953b0dd87555dd9b835c7 SHA256 f424568ed0e0742e9f7045cafaf42a9e10cc5dbb2e0d538ca8cd700ce50d4892 File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\u2 jrsbzpir7oxwwq.pptx.lime users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\u2 jrsbzpir7oxwwq.pptx.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\u2 jrsbzpir7oxwwq.pptx.lime lime MD5 17e53bd42e9e3784a675460c04ebc5bc SHA1 21f73a8d3364d9f59d75732826a391b73a94da27 SHA256 1b2790b749c9dc3c85a06d557e2962b01d220bf277274aba2bce80225f2178a7 File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\w anjoz7.doc.lime users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\w anjoz7.doc.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\w anjoz7.doc.lime lime MD5 056b121ba3acf890e659c167d6a07df3 SHA1 a3c1943bce25a355e41fb1abb3708ec6ad56df55 SHA256 50fb1fa37546a0765205d0424199bf5c8159c1b33cb537d5d3e35e830aec6097 File users\5jghkoaofdp\documents\kaaornrraztx\vksw t\77jqfti.csv.lime users\5jghkoaofdp\documents\kaaornrraztx\vksw t\77jqfti.csv.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\vksw t\77jqfti.csv.lime lime MD5 1a58904a8f4ba4b6ff21bfa0a818100e SHA1 afe3e1fb048518682ae7eabe0f3f877de3c3759b SHA256 727add00ffb70858d8200cc3978111b36952698bf1651bc52c987d6391245f1d File users\5jghkoaofdp\documents\kaaornrraztx\vksw t\9bweefny0rpp.ods.lime users\5jghkoaofdp\documents\kaaornrraztx\vksw t\9bweefny0rpp.ods.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\vksw t\9bweefny0rpp.ods.lime lime MD5 31f5d82dd9b4998635e79cac53e84cd8 SHA1 8e959e4f97c1a0816fb8aa4af2fa4d78648ffa00 SHA256 d4711d2201a585572de2ca9791b17db939b9abffb6f56abc46c556f73c05d497 File users\5jghkoaofdp\documents\my shapes\desktop.ini.lime users\5jghkoaofdp\documents\my shapes\desktop.ini.lime c:\ c:\users\5jghkoaofdp\documents\my shapes\desktop.ini.lime lime MD5 543aa4d0bab6eb92f144852b9321c9b2 SHA1 e5073a14c3b2a9140d4d16009dc228818f9137ac SHA256 b4c49666006e8249df4923c13cfe489feb472ea5350dc96c9c552a7cd902884a File users\5jghkoaofdp\documents\my shapes\favorites.vssx.lime users\5jghkoaofdp\documents\my shapes\favorites.vssx.lime c:\ c:\users\5jghkoaofdp\documents\my shapes\favorites.vssx.lime lime MD5 b89066756566fcf59d882699f2aed3a3 SHA1 7341b43d325c1971d0caabc3dd8d361a2020c668 SHA256 1179b80a694dc4fc5e4f87ad86f8bb625ec972d54c1da2f97b51d3c259c3abb8 File users\5jghkoaofdp\documents\my shapes\_private\folder.ico.lime users\5jghkoaofdp\documents\my shapes\_private\folder.ico.lime c:\ c:\users\5jghkoaofdp\documents\my shapes\_private\folder.ico.lime lime MD5 7c0bc7cc02efbf4681b564565419920e SHA1 65312a2bd1539f3aa2702dbf0ae4e665a27581fc SHA256 356a2f5864d5e933d3044ff8d1b970bd1a0d2e9c664745a9bc92582fc221fb13 File users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst.lime users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst.lime c:\ c:\users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst.lime lime MD5 3147acf6ff86361711af9cd9666eb006 SHA1 d15c599e256a7d53ffae0f60d0b2a7411124ddc4 SHA256 7cda96a618d8c66d7f42d9a569683b30986c6ad6caf88f7e1940f11a6b87b93a File users\5jghkoaofdp\pictures\8yzc.gif.lime users\5jghkoaofdp\pictures\8yzc.gif.lime c:\ c:\users\5jghkoaofdp\pictures\8yzc.gif.lime lime MD5 26adc1f9ab71097bd0197bee8a3ce9e0 SHA1 817fc246afcab2a188fd1a160465e0d368c42d19 SHA256 d91c3eb862790256ec19c1b161c5e0fba291212fe3918c54c7ac7fc0d7109499 File users\5jghkoaofdp\pictures\97qmvfp-n9t7b4u.png.lime users\5jghkoaofdp\pictures\97qmvfp-n9t7b4u.png.lime c:\ c:\users\5jghkoaofdp\pictures\97qmvfp-n9t7b4u.png.lime lime MD5 8464ff4b3e9f397ccf609b1a41ad44d5 SHA1 02b899ed7ef44eaaaea793469d898fc191498790 SHA256 57dd4d4511a75a6999d4e0dd7410a21003c11a5f3a3b097905fdae9831b8f889 File users\5jghkoaofdp\pictures\9pzhjofdzk0fqc8d56gx.bmp.lime users\5jghkoaofdp\pictures\9pzhjofdzk0fqc8d56gx.bmp.lime c:\ c:\users\5jghkoaofdp\pictures\9pzhjofdzk0fqc8d56gx.bmp.lime lime MD5 ddf1569c4ee4980e9f06a0ab99fc9a78 SHA1 75a85b1d0bd23ab66caf64c251da2af78809c293 SHA256 97cc8af117df3c2143929e739a288dcd74ac549c59dac5bc3d4e615206fb5812 File users\5jghkoaofdp\pictures\auoxltyrvw31 biyhvn.png.lime users\5jghkoaofdp\pictures\auoxltyrvw31 biyhvn.png.lime c:\ c:\users\5jghkoaofdp\pictures\auoxltyrvw31 biyhvn.png.lime lime MD5 57786d413b451721be96c2ddbab09113 SHA1 9b28d33d86a94aa351138e10073bdb2fc79f70eb SHA256 6e8aa604822738992563e086227bab934c8a672c4f787c4f4849de32597c1a9f File users\5jghkoaofdp\pictures\hoshp.gif.lime users\5jghkoaofdp\pictures\hoshp.gif.lime c:\ c:\users\5jghkoaofdp\pictures\hoshp.gif.lime lime MD5 d2befa51c32e29e1b649063ca7df518a SHA1 02bbb9921b9d89493f11067bf3cde44027875a5b SHA256 4fd2643d374ec75b8e9d82def8992c62d8130871e2104a7d5a5bbbfd3c40a0a0 File users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\cn2.bmp.lime users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\cn2.bmp.lime c:\ c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\cn2.bmp.lime lime MD5 4165af98fa053b0ee858800fdea6bf2b SHA1 cc4f196f2c84e8341319a9d160b59e1ef8cc7b75 SHA256 37b69b47f658dff4332165ccaa4cfa88d83cc13c0502fee6a512d5ae46e1c0a5 File users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\eemvu3dk.bmp.lime users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\eemvu3dk.bmp.lime c:\ c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\eemvu3dk.bmp.lime lime MD5 b7a5dafa65e2e3fa682f5465eb1b0916 SHA1 62ce2237261b73c50cff867af65cab8cd538454e SHA256 6a59dc100b1eaee7d56d79938e985486549ebd0b6b0917da24fe39571ea22573 File users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\fnzhhkemnjg.gif.lime users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\fnzhhkemnjg.gif.lime c:\ c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\fnzhhkemnjg.gif.lime lime MD5 273d2cab40ee021cef924385e9f4c715 SHA1 e9788c8741af89cc2abc5ce89840cb45dc6fe459 SHA256 04a68085ad7d4195d1f82b683a8801a78efe5bc170386553eedc12a772336b41 File users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\nr6dmjkjcntfscqr.gif.lime users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\nr6dmjkjcntfscqr.gif.lime c:\ c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\nr6dmjkjcntfscqr.gif.lime lime MD5 5f2dc9ccbe05c735697196fa730a5295 SHA1 1a4b13b00ce7944428fe442e64ab917cf379fac1 SHA256 ac617690e7e57582c5f49af08ee04a6ced2a8b3082576c3eca0295a9b1a9b6cb File users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\qkgeynbdljnjdcbmjb.gif.lime users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\qkgeynbdljnjdcbmjb.gif.lime c:\ c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\qkgeynbdljnjdcbmjb.gif.lime lime MD5 4f0d0c36301c73cf775da773e984b771 SHA1 6a0424d118d3a53091d507ac8e29e67b2b433b63 SHA256 d32a53331826fce9e18511db91f521bb5cc09964d78e290add6f8591fbb6e76f File users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\b4tjitd_nyk uv.bmp.lime users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\b4tjitd_nyk uv.bmp.lime c:\ c:\users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\b4tjitd_nyk uv.bmp.lime lime MD5 f8a8e6adf87e50988f6afe69041bf3bc SHA1 a19758a519ee1988e175c104406249dbfd899819 SHA256 e994ef93dcc6b432041411aab490fbdf22f7258987f4140a7fd20e9d8c219a95 File users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\dc394objo9c.bmp.lime users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\dc394objo9c.bmp.lime c:\ c:\users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\dc394objo9c.bmp.lime lime MD5 b5291809b8a3d6841d00a129a3668c31 SHA1 2263a7b583f32b506984163065c41aa5736506fb SHA256 ba0a44b2bc81d19046e1e05ae96a55702829e8c74d9ea559fc6d3bca964566f3 File users\5jghkoaofdp\music\c-56as7eiall.mp3.lime users\5jghkoaofdp\music\c-56as7eiall.mp3.lime c:\ c:\users\5jghkoaofdp\music\c-56as7eiall.mp3.lime lime MD5 f8d5cb7a00e83a49149d4622021fa5b7 SHA1 ecf37d0aa1bb699abb4b6f1bfb1ba5ebc43e1172 SHA256 3f9c4be52001bdc0622ab3e8b33131d749f02a8e80773babce9d699958965bc1 File users\5jghkoaofdp\music\desktop.ini.lime users\5jghkoaofdp\music\desktop.ini.lime c:\ c:\users\5jghkoaofdp\music\desktop.ini.lime lime MD5 bbecdaa0d5d5dff70246d8e481a133ae SHA1 59464008c26a95368fb4cfc3e78e6726e45ac9ba SHA256 2a52121b8b48b82524a604eb11e4387e009828454101301bf9082b72508c616a File users\5jghkoaofdp\music\gru-m3d0ihjq.wav.lime users\5jghkoaofdp\music\gru-m3d0ihjq.wav.lime c:\ c:\users\5jghkoaofdp\music\gru-m3d0ihjq.wav.lime lime MD5 fbd8c5a14f99ea11a20c1ff956261d27 SHA1 6002af7f5e9928336c5fb4694afc2ac381a01331 SHA256 d1947ab433b644e42b7ab6cdb566a7dc835578180b0822277ea04ff4b4ed6608 File users\5jghkoaofdp\music\od32to.mp3.lime users\5jghkoaofdp\music\od32to.mp3.lime c:\ c:\users\5jghkoaofdp\music\od32to.mp3.lime lime MD5 41fb7d419423fe05675a472228237edf SHA1 1c2a9a43891bcd3d57dea5d1b7c469dea590ef67 SHA256 424ed283f523ee782bbb8ff96eaae18a66f3b05a5b5135a69ef8de7ed755deaf File users\5jghkoaofdp\music\q0ua0ahepdpsiaueq0.mp3.lime users\5jghkoaofdp\music\q0ua0ahepdpsiaueq0.mp3.lime c:\ c:\users\5jghkoaofdp\music\q0ua0ahepdpsiaueq0.mp3.lime lime MD5 c11b3421e93e99a9f4e8588c9e6d19cd SHA1 bd9c49df024f11fe5696c90eb0a4ba6eab851455 SHA256 e280296785805f92d2ef712b1d496a23c86ff294d3b9d7557349b31423fb6ba0 File users\5jghkoaofdp\music\_wgbp3qw\ggnh.m4a.lime users\5jghkoaofdp\music\_wgbp3qw\ggnh.m4a.lime c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\ggnh.m4a.lime lime MD5 2f83fe33b0187cc874874dee35b83c00 SHA1 32fdcfabc4f858ff7ad973a5a08fba06ae33d4d4 SHA256 dc3735b311a07d5212c839e07f472f08d8a8f60eceef76383e043aefde3c2b69 File users\5jghkoaofdp\music\_wgbp3qw\gqfyfnbufhd0b2hnpcm.wav.lime users\5jghkoaofdp\music\_wgbp3qw\gqfyfnbufhd0b2hnpcm.wav.lime c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\gqfyfnbufhd0b2hnpcm.wav.lime lime MD5 3b2c8cc031100456b9b0ffb630df0ab6 SHA1 2ad64c5d4e7359842e2148b78c442bb2c15fa92c SHA256 ea72462195205f5f53848347d49a13d5f980fc8ef624334a204a42dcde841d14 File users\5jghkoaofdp\music\_wgbp3qw\gwcyviwii.mp3.lime users\5jghkoaofdp\music\_wgbp3qw\gwcyviwii.mp3.lime c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\gwcyviwii.mp3.lime lime MD5 9a63c489b44c5bcaec8f54223f9d1ddc SHA1 d87aba4cffead69f90729f35cd99848ba58eed43 SHA256 71f256e963cc4efa21b3ca27d9c5ed2ee9523efd012d162869e4dbb60ca77475 File users\5jghkoaofdp\music\_wgbp3qw\kz2m.mp3.lime users\5jghkoaofdp\music\_wgbp3qw\kz2m.mp3.lime c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\kz2m.mp3.lime lime MD5 232e3e201518c574f55948d982da7262 SHA1 acbab8ba8b246e038e2ee4cd39f48e10146589f4 SHA256 621e4d05e90a7da85ecff96f71cc85cdb6a0c215a21a7801796e19a20a6db720 File users\5jghkoaofdp\music\_wgbp3qw\qvxpyewmyw121.wav.lime users\5jghkoaofdp\music\_wgbp3qw\qvxpyewmyw121.wav.lime c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\qvxpyewmyw121.wav.lime lime MD5 30b1cbcca53c3afbf7739e9b5c485620 SHA1 6e7632974f0e8ef95663c011a7921b105d0009d6 SHA256 bcded786bc9f0f036c7760a25e425e9deb362c1265d59a3ba3b6545e3aab7d52 File users\5jghkoaofdp\music\_wgbp3qw\sy3cpsu.m4a.lime users\5jghkoaofdp\music\_wgbp3qw\sy3cpsu.m4a.lime c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\sy3cpsu.m4a.lime lime MD5 71e60381304f1802e946ff866646cd28 SHA1 7b52b959b53f7c79a597872fda5285b0a7612a44 SHA256 483972808aa0b1d792e66d2201c5b78067c217835d495b625da7baf1a06a4a54 File users\5jghkoaofdp\music\_wgbp3qw\ufkl.wav.lime users\5jghkoaofdp\music\_wgbp3qw\ufkl.wav.lime c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\ufkl.wav.lime lime MD5 b495fd88db772adac97d11470dd8a8bd SHA1 b284b1a5203fcd4db7af7b5d58eb529b9bd50b15 SHA256 73442b4eb6caeccdfd967382166bd31b245fd660a136241f477c2a605b7393fb File users\5jghkoaofdp\music\_wgbp3qw\uxkqt2i9x6pc8.wav.lime users\5jghkoaofdp\music\_wgbp3qw\uxkqt2i9x6pc8.wav.lime c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\uxkqt2i9x6pc8.wav.lime lime MD5 2ce61dd19d7c10d95f54fba753b61738 SHA1 ac1089615d1750d344b7ec76b6ea4dc499875ba0 SHA256 a380013c0f1dd0c0d85144a283a881ac09ef175646a0c67663d768fd5dfb950c File users\5jghkoaofdp\music\_wgbp3qw\vw e9ij.mp3.lime users\5jghkoaofdp\music\_wgbp3qw\vw e9ij.mp3.lime c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\vw e9ij.mp3.lime lime MD5 7a87d1bc45fc6d5b99bfa3abe234568a SHA1 de332830980ece74917caa8434af0a68e943b235 SHA256 57ce3032a943cbadbee69a59aeb817f1acebeec309fb0bb580065cd0354c2eb6 File users\5jghkoaofdp\music\_wgbp3qw\yotflh9s-- h9v.wav.lime users\5jghkoaofdp\music\_wgbp3qw\yotflh9s-- h9v.wav.lime c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\yotflh9s-- h9v.wav.lime lime MD5 5d5703232f6c7e693d45a9080797fce7 SHA1 23df6e3bd71165c4c4e106f377ec448f0e84a8b5 SHA256 da7d529409b523b4216ee38f38541f39f648e29b3da4846ed443957e0e847775 File users\5jghkoaofdp\videos\40y6k2fub.avi.lime users\5jghkoaofdp\videos\40y6k2fub.avi.lime c:\ c:\users\5jghkoaofdp\videos\40y6k2fub.avi.lime lime MD5 5ba848a370ecbc1d9392edc6eac9ef5b SHA1 dde681e2c6ad9a32e576e64321df1dcac08a692e SHA256 af95427274472be2882fff49284ab5a3eac5ede0f94da6648c7339b629594945 File users\5jghkoaofdp\desktop\2-lzf_caeytdih8ls.avi.lime users\5jghkoaofdp\desktop\2-lzf_caeytdih8ls.avi.lime c:\ c:\users\5jghkoaofdp\desktop\2-lzf_caeytdih8ls.avi.lime lime MD5 7736005a93c48d4f5792444a73c22b5c SHA1 aaa9c36387a59e1f1cb8e91ede7f9c320a00efc9 SHA256 92b0d410d7d6398e758576b05db4888a2711138f6f0a06bf58ddc9198bbfc236 File users\5jghkoaofdp\desktop\2kzlcfwdx.mkv.lime users\5jghkoaofdp\desktop\2kzlcfwdx.mkv.lime c:\ c:\users\5jghkoaofdp\desktop\2kzlcfwdx.mkv.lime lime MD5 3f72b45f772ab924e75bd7338e5a8f93 SHA1 3ffe94a87675650f531ed2659cf33e276fa28034 SHA256 86c13c0f9ff470e4f33fc7ec54c386e2f0f1871b4243b204125507a92d6d71f2 File users\5jghkoaofdp\desktop\6l2vjzd4y qgt3nzdwl.wav.lime users\5jghkoaofdp\desktop\6l2vjzd4y qgt3nzdwl.wav.lime c:\ c:\users\5jghkoaofdp\desktop\6l2vjzd4y qgt3nzdwl.wav.lime lime MD5 91d0b4f5783581561a077f8f92b3141a SHA1 6147e5c1bf5e5854614d0860a930541b3bd13c0a SHA256 24839805f0ecab51b4ca4ec822fd6fc436a1efee638ec9fa0d78e8049563e19a File users\5jghkoaofdp\desktop\6s fhiyfbc68fla.flv.lime users\5jghkoaofdp\desktop\6s fhiyfbc68fla.flv.lime c:\ c:\users\5jghkoaofdp\desktop\6s fhiyfbc68fla.flv.lime lime MD5 5736547bcb17855352e15fa8a8cf0da8 SHA1 f098feb70877d38ced438ee66153f493e248bf0f SHA256 b5f360c039a2d602364df75508f673b2821af174ea595822405d62d693011c48 File users\5jghkoaofdp\desktop\7huc np.mkv.lime users\5jghkoaofdp\desktop\7huc np.mkv.lime c:\ c:\users\5jghkoaofdp\desktop\7huc np.mkv.lime lime MD5 da7cb2f1323a5a5708599b5d07b641ec SHA1 f61222d95ff46b88b9f29322f7a5763527bfebb0 SHA256 1a5c0cdcd3f33a0184d467c99c9837721f0857358187bdd10589ae23d7d23ace File users\5jghkoaofdp\desktop\makfq5zaptizrce7iru.ods.lime users\5jghkoaofdp\desktop\makfq5zaptizrce7iru.ods.lime c:\ c:\users\5jghkoaofdp\desktop\makfq5zaptizrce7iru.ods.lime lime MD5 88831cd5bfab6063eaacddee7e5c6938 SHA1 f9d5013d07ae92624abd6562e8419c166a123bcb SHA256 a07ba284e07f3c583e34972e57d8c5654396224169d3da853520c17402f409d8 File users\5jghkoaofdp\desktop\mv3nggj4w65.png.lime users\5jghkoaofdp\desktop\mv3nggj4w65.png.lime c:\ c:\users\5jghkoaofdp\desktop\mv3nggj4w65.png.lime lime MD5 65b2b016d015d7f31a9818d6f03daa3d SHA1 61341e31998a1faa5153037cfddae14c34248d20 SHA256 a613402abe1b7b0b647c9051b2399363463e072c10cc0bace9749318cc302f97 File users\5jghkoaofdp\desktop\wvjrcaiyskl.jpg.lime users\5jghkoaofdp\desktop\wvjrcaiyskl.jpg.lime c:\ c:\users\5jghkoaofdp\desktop\wvjrcaiyskl.jpg.lime lime MD5 be0e7a5ab911465203ec7f5487da93e5 SHA1 8dc5d60e704a256ffc8571c6d80a75cdf89e8c14 SHA256 f3c16f8c60c2fb20fc0197d73375f282b376ba8836ee0a418760fbc7062aecb7 File users\5jghkoaofdp\desktop\xcdhr9fnegvb5d0.pdf.lime users\5jghkoaofdp\desktop\xcdhr9fnegvb5d0.pdf.lime c:\ c:\users\5jghkoaofdp\desktop\xcdhr9fnegvb5d0.pdf.lime lime MD5 b8f3165a278ec51a42def26e8d173a8b SHA1 79ce39666cceb936f4716a46d148f25b222ceb68 SHA256 fe0ae165145e455fff3ebd83a651d9bf07341b479dc9fdefd93517245e123c6d File users\5jghkoaofdp\desktop\c opbv-sts\hv1siahr-wdxqnisdtes.m4a.lime users\5jghkoaofdp\desktop\c opbv-sts\hv1siahr-wdxqnisdtes.m4a.lime c:\ c:\users\5jghkoaofdp\desktop\c opbv-sts\hv1siahr-wdxqnisdtes.m4a.lime lime MD5 237ddb41e9949baeb6693976da0830ea SHA1 06a03690a1af6bd7f5fadb302a280a25024ae48d SHA256 efb821296eed29cbdccc6425afa105c2bff2dea737615d4f4d2ff92b02038ba3 File users\5jghkoaofdp\desktop\rsvw596pft9dfxj qf8\7mq72ddmzjhmf.jpg.lime users\5jghkoaofdp\desktop\rsvw596pft9dfxj qf8\7mq72ddmzjhmf.jpg.lime c:\ c:\users\5jghkoaofdp\desktop\rsvw596pft9dfxj qf8\7mq72ddmzjhmf.jpg.lime lime MD5 9b4d9414327de03c6621157276c20c03 SHA1 3f4ffc64a14c8511feca0f2241393d0683d5c1ed SHA256 98d0f7a708417bbc365ac91078f7170c2da6cec0fc60b0cc5a08227ed372984e File users\5jghkoaofdp\desktop\#decryptor.exe users\5jghkoaofdp\desktop\#decryptor.exe c:\ c:\users\5jghkoaofdp\desktop\#decryptor.exe exe MD5 067c61ebc26990537ed9c52908cc6025 SHA1 00df5ad324626992fd83ecfca84b7297bbbfaa26 SHA256 60ef3c12e67a01d4445dc3bfac5545fc85b94e33c6c806a681186a5e1ed58561 File users\5jghkoaofdp\documents\-spm6vjb.odt users\5jghkoaofdp\documents\-spm6vjb.odt c:\ c:\users\5jghkoaofdp\documents\-spm6vjb.odt odt MD5 58393dcbf626cfa2e64abf5f28575be8 SHA1 db10c994113b5425ff93b59581a5c9c46aaabf33 SHA256 4bf873910a64441ccaeacdf8852d1b07f0c6c469c8cfb30394f133e51fa22a86 File users\5jghkoaofdp\documents\0u2ya.docx users\5jghkoaofdp\documents\0u2ya.docx c:\ c:\users\5jghkoaofdp\documents\0u2ya.docx docx MD5 a320cd9c75e3083bf63fb92c7649ae6b SHA1 f630cf75c0ef711b159af4c02fdbde959cffe1bb SHA256 406b291294e6c4c1cc2decbe675545637cdb8c133c87981c4c64e77c64a9bda9 File users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf c:\ c:\users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf pdf MD5 fb6f7a95eb2466d83942f7c860d0ef92 SHA1 5ea740cdcd863e75c1956671fd51ee1162a195cf SHA256 c1d0c9c9b48e9e14473f247bb4e690c6d06d998a23736a9c5e2ccd731e7792df File users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx c:\ c:\users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx xlsx MD5 18cc57d055dbd0f5941e23419aa65ab0 SHA1 0f7166e2dcf95cffcf647a2b333b315c3935a2ab SHA256 d32ef1ff293d8fb074e59a5a9e467a733fbc624bfbcb2a9a9790611e8f7540f8 File users\5jghkoaofdp\documents\aeghbubms5ntl.pptx users\5jghkoaofdp\documents\aeghbubms5ntl.pptx c:\ c:\users\5jghkoaofdp\documents\aeghbubms5ntl.pptx pptx MD5 d1cf1130d18e6e4c74d3bfabb2b92f21 SHA1 88874850a50903aae0caed235f60af3dc455a512 SHA256 8a7c1123605a784568aa1e4cf62f3a256ea92417822c24eedf7ce27bc2e02158 File users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx c:\ c:\users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx docx MD5 7ad8bc3380511b4925e6395d3fcfa9b2 SHA1 bbb28eea7616ab36b23d6251cc24a225d88b279d SHA256 15c7a555d745149508e5d327dfe1139ea7b1d860da904e2c014f4e97248489b2 File users\5jghkoaofdp\documents\desktop.ini users\5jghkoaofdp\documents\desktop.ini c:\ c:\users\5jghkoaofdp\documents\desktop.ini ini MD5 ecf88f261853fe08d58e2e903220da14 SHA1 f72807a9e081906654ae196605e681d5938a2e6c SHA256 cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844 File users\5jghkoaofdp\documents\erhcl a2gbl1at.docx users\5jghkoaofdp\documents\erhcl a2gbl1at.docx c:\ c:\users\5jghkoaofdp\documents\erhcl a2gbl1at.docx docx MD5 a7b21e63df46e1fb905b2a522b7344d8 SHA1 62c19701ef52142244eb102156dd39592777cd7e SHA256 1057f4a6ee8945b5b62a519f2083f3b59cc3f8e311481e348b098468a0815126 File users\5jghkoaofdp\documents\eyedf199l.xlsx users\5jghkoaofdp\documents\eyedf199l.xlsx c:\ c:\users\5jghkoaofdp\documents\eyedf199l.xlsx xlsx MD5 a96f62abda1c6e0b69ea17b84a75e4ba SHA1 d7a6de0a918d918fae62b5771741b0efa317ff6b SHA256 ed7d8f2de672435bee20e565ab6e5976af4a74758bf2092b6cf236a01d0c74a2 File users\5jghkoaofdp\documents\g 5zx6m5n.docx users\5jghkoaofdp\documents\g 5zx6m5n.docx c:\ c:\users\5jghkoaofdp\documents\g 5zx6m5n.docx docx MD5 7fcd1501bb1e6377cfc477ac38c6cd6a SHA1 b702e0777e4cc9886593859d41e1be0b2af85781 SHA256 8e3c9160ca415a81f42630372690914b8bf8573acdf356074dc75d3e47a5d296 File users\5jghkoaofdp\documents\gmur.xlsx users\5jghkoaofdp\documents\gmur.xlsx c:\ c:\users\5jghkoaofdp\documents\gmur.xlsx xlsx MD5 997cb45da07305a5295adadce04410e6 SHA1 0336a5e1609006d5fda1de11a43ad59f6b350afb SHA256 ab9e36a1aecbf6ad45a86034a161f115a8b4f031e8bec177f46e30d421aadb31 File users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx c:\ c:\users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx xlsx MD5 b5d11377e240c9d4182487819bb696e5 SHA1 558b695cc95730f732c8ddf3f7ed973c55b6981b SHA256 aa037a1aeb4fbd6ab534fe2fe774fc71d0f03ca79b5a1b6d972b9042763557a6 File users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt c:\ c:\users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt ppt MD5 89a101f6735aebaeb9f2f37bcb7c35a4 SHA1 96dec5a6c017ddd0e7b3286507ca03679c18b8b0 SHA256 70c616a305d92876229444b03d2787e15060de5f05eb19f10d3752366db99fa9 File users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx c:\ c:\users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx pptx MD5 a4fa2518874f45be4ea728dd59e06469 SHA1 82a9792fe24d414d390cf6369866d6c2a2d8c2f7 SHA256 d3a44d490722d497c7235ccaa833fd5671d7841413c1d32d36817dbb10b6509b File users\5jghkoaofdp\documents\oczespochpv.csv users\5jghkoaofdp\documents\oczespochpv.csv c:\ c:\users\5jghkoaofdp\documents\oczespochpv.csv csv MD5 a6dd475d55ae89c0c495742667cf04c9 SHA1 4486320b73acfc1cf4252b7c3f6aa0c6a848fc2b SHA256 04c473b3899dfc95ac0675156eed6e91581a6e3b335ff95217a5b8177a6fe076 File users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx c:\ c:\users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx docx MD5 927100c1e43af166a66ee4c719e986cb SHA1 f0e74f7a3bb23214f26ea45c5f0b01f36e25c3ec SHA256 7c4667ca8b873156623e4a119071b383b7dedeb3e08cbef83aec421f8a135039 File users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx c:\ c:\users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx xlsx MD5 9e597634dd83f188f7c54793ea7911fc SHA1 e0d16a8f056927b5ccb1c71bc6704743693a3c25 SHA256 e3663a81a83b566044a2b5d0161e9f999e212457451fedebad7fa690eca372d8 File users\5jghkoaofdp\documents\x7nab3sx5u.pptx users\5jghkoaofdp\documents\x7nab3sx5u.pptx c:\ c:\users\5jghkoaofdp\documents\x7nab3sx5u.pptx pptx MD5 2ddc0f8eb8daf54320413c3827ca96f8 SHA1 5e20b75ea989cb07f8c4660f8f8b1fe993d0630e SHA256 e817aa9e9feb2cf9ab35ba5901f1dfd21a8c39b3da500445e836f3700a251489 File users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt odt MD5 f100080dc8c3ad3c4b3f107a423a3bf9 SHA1 c40ee4d57022abf161f1ed3a7698e854279dc938 SHA256 162f9044fc4e24728ae4e3cad7751f7d863cc00f78d2580922a782868af94eaa File users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps pps MD5 a246d5fca5d699a98740cc3261a36f1f SHA1 bf2848ae0818f8390b4cc0556c4a47978665654a SHA256 a8daddf7d9bf5c4fb1aad39a1fe4ecb4345a37e8f3f2900c011096a4f5043232 File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\dupiwyyc2jp.docx users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\dupiwyyc2jp.docx c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\dupiwyyc2jp.docx docx File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\gtn-k.odt users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\gtn-k.odt c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\gtn-k.odt odt File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\mt8ryidfz3cr.pptx users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\mt8ryidfz3cr.pptx c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\mt8ryidfz3cr.pptx pptx File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nadn7qwb885nzat o.odp users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nadn7qwb885nzat o.odp c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nadn7qwb885nzat o.odp odp File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nuvav.rtf users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nuvav.rtf c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nuvav.rtf rtf File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf pdf MD5 52ce1e0b7ce3bc2061c3131c7c0b1f6f SHA1 aeea0a492c9be1f442267b6d80c375e957705e3a SHA256 69310ae8f6f9562a68bc46aae8f37fcf21a15c60f068c13fe9adca43a2bfc07f File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\u2 jrsbzpir7oxwwq.pptx users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\u2 jrsbzpir7oxwwq.pptx c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\u2 jrsbzpir7oxwwq.pptx pptx File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\w anjoz7.doc users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\w anjoz7.doc c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\w anjoz7.doc doc File users\5jghkoaofdp\documents\kaaornrraztx\vksw t\77jqfti.csv users\5jghkoaofdp\documents\kaaornrraztx\vksw t\77jqfti.csv c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\vksw t\77jqfti.csv csv File users\5jghkoaofdp\documents\my shapes\desktop.ini users\5jghkoaofdp\documents\my shapes\desktop.ini c:\ c:\users\5jghkoaofdp\documents\my shapes\desktop.ini ini MD5 14967ba849b93421843b52d7e50b75a8 SHA1 523e3329eaf92f12918c1ceaee8b575e74e88318 SHA256 88c8875112fe06eeb89c4b53bab11c72f6db6ad6621fbc94c29e0ac50f83cb06 File users\5jghkoaofdp\documents\my shapes\favorites.vssx users\5jghkoaofdp\documents\my shapes\favorites.vssx c:\ c:\users\5jghkoaofdp\documents\my shapes\favorites.vssx vssx MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\5jghkoaofdp\documents\my shapes\_private\folder.ico users\5jghkoaofdp\documents\my shapes\_private\folder.ico c:\ c:\users\5jghkoaofdp\documents\my shapes\_private\folder.ico ico MD5 5130ee1b914d382af41ff3a35eb151b8 SHA1 81ad3e1731197926cc36fa9d12a1b224b6b82f5c SHA256 baaf97e8e0606daecc8c3271b73b91b1d8b1f2e521ae677480b0a3f87173eb39 File users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst c:\ c:\users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst pst MD5 ca76558a6946bce314bad215edd2ad25 SHA1 52930ef4033d72843f561d9f2d0a02d27fdf3dbf SHA256 cf63f7457bda0006f06cd6716b75216b6a759671ee82787baeb28f1a7a921e8c File users\5jghkoaofdp\pictures\8yzc.gif users\5jghkoaofdp\pictures\8yzc.gif c:\ c:\users\5jghkoaofdp\pictures\8yzc.gif gif MD5 32c698f3bc99e6ee641f8d19fbd32533 SHA1 c63afa5a10f4034a3bd3c2f24caa0b4839e6d5ba SHA256 6e6fb90bc296c80d98f9c69c60b6fc5a7c3c8aaa6dc04547e0656002bef29caa File users\5jghkoaofdp\pictures\97qmvfp-n9t7b4u.png users\5jghkoaofdp\pictures\97qmvfp-n9t7b4u.png c:\ c:\users\5jghkoaofdp\pictures\97qmvfp-n9t7b4u.png png File users\5jghkoaofdp\pictures\9pzhjofdzk0fqc8d56gx.bmp users\5jghkoaofdp\pictures\9pzhjofdzk0fqc8d56gx.bmp c:\ c:\users\5jghkoaofdp\pictures\9pzhjofdzk0fqc8d56gx.bmp bmp File users\5jghkoaofdp\pictures\ghm3idint.gif users\5jghkoaofdp\pictures\ghm3idint.gif c:\ c:\users\5jghkoaofdp\pictures\ghm3idint.gif gif File users\5jghkoaofdp\pictures\hoshp.gif users\5jghkoaofdp\pictures\hoshp.gif c:\ c:\users\5jghkoaofdp\pictures\hoshp.gif gif File users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\cn2.bmp users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\cn2.bmp c:\ c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\cn2.bmp bmp File users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\eemvu3dk.bmp users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\eemvu3dk.bmp c:\ c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\eemvu3dk.bmp bmp File users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\fnzhhkemnjg.gif users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\fnzhhkemnjg.gif c:\ c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\fnzhhkemnjg.gif gif File users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\nr6dmjkjcntfscqr.gif users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\nr6dmjkjcntfscqr.gif c:\ c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\nr6dmjkjcntfscqr.gif gif File users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\qkgeynbdljnjdcbmjb.gif users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\qkgeynbdljnjdcbmjb.gif c:\ c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\qkgeynbdljnjdcbmjb.gif gif File users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\b4tjitd_nyk uv.bmp users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\b4tjitd_nyk uv.bmp c:\ c:\users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\b4tjitd_nyk uv.bmp bmp File users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\dc394objo9c.bmp users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\dc394objo9c.bmp c:\ c:\users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\dc394objo9c.bmp bmp File users\5jghkoaofdp\music\c-56as7eiall.mp3 users\5jghkoaofdp\music\c-56as7eiall.mp3 c:\ c:\users\5jghkoaofdp\music\c-56as7eiall.mp3 mp3 File users\5jghkoaofdp\music\desktop.ini users\5jghkoaofdp\music\desktop.ini c:\ c:\users\5jghkoaofdp\music\desktop.ini ini File users\5jghkoaofdp\music\gru-m3d0ihjq.wav users\5jghkoaofdp\music\gru-m3d0ihjq.wav c:\ c:\users\5jghkoaofdp\music\gru-m3d0ihjq.wav wav File users\5jghkoaofdp\music\od32to.mp3 users\5jghkoaofdp\music\od32to.mp3 c:\ c:\users\5jghkoaofdp\music\od32to.mp3 mp3 File users\5jghkoaofdp\music\_wgbp3qw\eqrsjs.wav users\5jghkoaofdp\music\_wgbp3qw\eqrsjs.wav c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\eqrsjs.wav wav File users\5jghkoaofdp\music\_wgbp3qw\ggnh.m4a users\5jghkoaofdp\music\_wgbp3qw\ggnh.m4a c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\ggnh.m4a m4a File users\5jghkoaofdp\music\_wgbp3qw\gqfyfnbufhd0b2hnpcm.wav users\5jghkoaofdp\music\_wgbp3qw\gqfyfnbufhd0b2hnpcm.wav c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\gqfyfnbufhd0b2hnpcm.wav wav File users\5jghkoaofdp\music\_wgbp3qw\gwcyviwii.mp3 users\5jghkoaofdp\music\_wgbp3qw\gwcyviwii.mp3 c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\gwcyviwii.mp3 mp3 File users\5jghkoaofdp\music\_wgbp3qw\kz2m.mp3 users\5jghkoaofdp\music\_wgbp3qw\kz2m.mp3 c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\kz2m.mp3 mp3 File users\5jghkoaofdp\music\_wgbp3qw\qvxpyewmyw121.wav users\5jghkoaofdp\music\_wgbp3qw\qvxpyewmyw121.wav c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\qvxpyewmyw121.wav wav File users\5jghkoaofdp\music\_wgbp3qw\sy3cpsu.m4a users\5jghkoaofdp\music\_wgbp3qw\sy3cpsu.m4a c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\sy3cpsu.m4a m4a File users\5jghkoaofdp\music\_wgbp3qw\ufkl.wav users\5jghkoaofdp\music\_wgbp3qw\ufkl.wav c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\ufkl.wav wav File users\5jghkoaofdp\music\_wgbp3qw\uxkqt2i9x6pc8.wav users\5jghkoaofdp\music\_wgbp3qw\uxkqt2i9x6pc8.wav c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\uxkqt2i9x6pc8.wav wav File users\5jghkoaofdp\music\_wgbp3qw\vw e9ij.mp3 users\5jghkoaofdp\music\_wgbp3qw\vw e9ij.mp3 c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\vw e9ij.mp3 mp3 File users\5jghkoaofdp\music\_wgbp3qw\yotflh9s-- h9v.wav users\5jghkoaofdp\music\_wgbp3qw\yotflh9s-- h9v.wav c:\ c:\users\5jghkoaofdp\music\_wgbp3qw\yotflh9s-- h9v.wav wav File users\5jghkoaofdp\videos\40y6k2fub.avi users\5jghkoaofdp\videos\40y6k2fub.avi c:\ c:\users\5jghkoaofdp\videos\40y6k2fub.avi avi File users\5jghkoaofdp\desktop\2-lzf_caeytdih8ls.avi users\5jghkoaofdp\desktop\2-lzf_caeytdih8ls.avi c:\ c:\users\5jghkoaofdp\desktop\2-lzf_caeytdih8ls.avi avi File users\5jghkoaofdp\desktop\6l2vjzd4y qgt3nzdwl.wav users\5jghkoaofdp\desktop\6l2vjzd4y qgt3nzdwl.wav c:\ c:\users\5jghkoaofdp\desktop\6l2vjzd4y qgt3nzdwl.wav wav File users\5jghkoaofdp\desktop\6s fhiyfbc68fla.flv users\5jghkoaofdp\desktop\6s fhiyfbc68fla.flv c:\ c:\users\5jghkoaofdp\desktop\6s fhiyfbc68fla.flv flv File users\5jghkoaofdp\desktop\m6mihhsyl_m5kam0.swf users\5jghkoaofdp\desktop\m6mihhsyl_m5kam0.swf c:\ c:\users\5jghkoaofdp\desktop\m6mihhsyl_m5kam0.swf swf File users\5jghkoaofdp\desktop\makfq5zaptizrce7iru.ods users\5jghkoaofdp\desktop\makfq5zaptizrce7iru.ods c:\ c:\users\5jghkoaofdp\desktop\makfq5zaptizrce7iru.ods ods File users\5jghkoaofdp\desktop\mv3nggj4w65.png users\5jghkoaofdp\desktop\mv3nggj4w65.png c:\ c:\users\5jghkoaofdp\desktop\mv3nggj4w65.png png File users\5jghkoaofdp\desktop\villubaagv2dsjk7a.png users\5jghkoaofdp\desktop\villubaagv2dsjk7a.png c:\ c:\users\5jghkoaofdp\desktop\villubaagv2dsjk7a.png png File users\5jghkoaofdp\desktop\wvjrcaiyskl.jpg users\5jghkoaofdp\desktop\wvjrcaiyskl.jpg c:\ c:\users\5jghkoaofdp\desktop\wvjrcaiyskl.jpg jpg File users\5jghkoaofdp\desktop\c opbv-sts\gnoveg6hpj.doc users\5jghkoaofdp\desktop\c opbv-sts\gnoveg6hpj.doc c:\ c:\users\5jghkoaofdp\desktop\c opbv-sts\gnoveg6hpj.doc doc File users\5jghkoaofdp\desktop\c opbv-sts\hv1siahr-wdxqnisdtes.m4a users\5jghkoaofdp\desktop\c opbv-sts\hv1siahr-wdxqnisdtes.m4a c:\ c:\users\5jghkoaofdp\desktop\c opbv-sts\hv1siahr-wdxqnisdtes.m4a m4a File users\5jghkoaofdp\desktop\c opbv-sts\3zph\3gljwk8dnbmky\_epx.png users\5jghkoaofdp\desktop\c opbv-sts\3zph\3gljwk8dnbmky\_epx.png c:\ c:\users\5jghkoaofdp\desktop\c opbv-sts\3zph\3gljwk8dnbmky\_epx.png png File users\5jghkoaofdp\documents\kaaornrraztx\vksw t\9bweefny0rpp.ods users\5jghkoaofdp\documents\kaaornrraztx\vksw t\9bweefny0rpp.ods c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\vksw t\9bweefny0rpp.ods ods File users\5jghkoaofdp\documents\onenote notebooks\my notebook\open notebook.onetoc2 users\5jghkoaofdp\documents\onenote notebooks\my notebook\open notebook.onetoc2 c:\ c:\users\5jghkoaofdp\documents\onenote notebooks\my notebook\open notebook.onetoc2 onetoc2 File users\5jghkoaofdp\pictures\auoxltyrvw31 biyhvn.png users\5jghkoaofdp\pictures\auoxltyrvw31 biyhvn.png c:\ c:\users\5jghkoaofdp\pictures\auoxltyrvw31 biyhvn.png png File users\5jghkoaofdp\music\q0ua0ahepdpsiaueq0.mp3 users\5jghkoaofdp\music\q0ua0ahepdpsiaueq0.mp3 c:\ c:\users\5jghkoaofdp\music\q0ua0ahepdpsiaueq0.mp3 mp3 File users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a.lime users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a.lime c:\ c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a.lime lime MD5 bc321946df2fb79b64c3fd4e4e4946e6 SHA1 3d97b8fd35439ef2969a0cd93d966d1e7e908de1 SHA256 03da487ed31144fba421d1e0456526c29ddfd99decd8b3923a4d3500cc940626 File users\5jghkoaofdp\desktop\2kzlcfwdx.mkv users\5jghkoaofdp\desktop\2kzlcfwdx.mkv c:\ c:\users\5jghkoaofdp\desktop\2kzlcfwdx.mkv mkv File users\5jghkoaofdp\desktop\7huc np.mkv users\5jghkoaofdp\desktop\7huc np.mkv c:\ c:\users\5jghkoaofdp\desktop\7huc np.mkv mkv File users\5jghkoaofdp\desktop\xcdhr9fnegvb5d0.pdf users\5jghkoaofdp\desktop\xcdhr9fnegvb5d0.pdf c:\ c:\users\5jghkoaofdp\desktop\xcdhr9fnegvb5d0.pdf pdf File users\5jghkoaofdp\desktop\rsvw596pft9dfxj qf8\7mq72ddmzjhmf.jpg users\5jghkoaofdp\desktop\rsvw596pft9dfxj qf8\7mq72ddmzjhmf.jpg c:\ c:\users\5jghkoaofdp\desktop\rsvw596pft9dfxj qf8\7mq72ddmzjhmf.jpg jpg File users\5jghkoaofdp\ntuser.dat users\5jghkoaofdp\ntuser.dat c:\ c:\users\5jghkoaofdp\ntuser.dat dat File microsoft microsoft c:\ c:\microsoft WinRegistryKey Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE DbgJITDebugLaunchSetting DbgManagedDebugger DbgJITDebugLaunchSetting DbgManagedDebugger DbgJITDebugLaunchSetting DbgManagedDebugger WinRegistryKey Software\ConsoleApplication1\ConsoleApplication1\1.0.0.0 HKEY_LOCAL_MACHINE File users\5jghkoaofdp\desktop\#decryptor.exe users\5jghkoaofdp\desktop\#decryptor.exe c:\ c:\users\5jghkoaofdp\desktop\#decryptor.exe exe File users\5jghkoaofdp\documents\-spm6vjb.odt.lime users\5jghkoaofdp\documents\-spm6vjb.odt.lime c:\ c:\users\5jghkoaofdp\documents\-spm6vjb.odt.lime lime File users\5jghkoaofdp\documents\0u2ya.docx.lime users\5jghkoaofdp\documents\0u2ya.docx.lime c:\ c:\users\5jghkoaofdp\documents\0u2ya.docx.lime lime File users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf.lime users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf.lime c:\ c:\users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf.lime lime File users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx.lime users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx.lime c:\ c:\users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx.lime lime File users\5jghkoaofdp\documents\aeghbubms5ntl.pptx.lime users\5jghkoaofdp\documents\aeghbubms5ntl.pptx.lime c:\ c:\users\5jghkoaofdp\documents\aeghbubms5ntl.pptx.lime lime File users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx.lime users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx.lime c:\ c:\users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx.lime lime File users\5jghkoaofdp\documents\desktop.ini.lime users\5jghkoaofdp\documents\desktop.ini.lime c:\ c:\users\5jghkoaofdp\documents\desktop.ini.lime lime File users\5jghkoaofdp\documents\erhcl a2gbl1at.docx.lime users\5jghkoaofdp\documents\erhcl a2gbl1at.docx.lime c:\ c:\users\5jghkoaofdp\documents\erhcl a2gbl1at.docx.lime lime File users\5jghkoaofdp\documents\eyedf199l.xlsx.lime users\5jghkoaofdp\documents\eyedf199l.xlsx.lime c:\ c:\users\5jghkoaofdp\documents\eyedf199l.xlsx.lime lime File users\5jghkoaofdp\documents\g 5zx6m5n.docx.lime users\5jghkoaofdp\documents\g 5zx6m5n.docx.lime c:\ c:\users\5jghkoaofdp\documents\g 5zx6m5n.docx.lime lime File users\5jghkoaofdp\documents\gmur.xlsx.lime users\5jghkoaofdp\documents\gmur.xlsx.lime c:\ c:\users\5jghkoaofdp\documents\gmur.xlsx.lime lime File users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx.lime users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx.lime c:\ c:\users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx.lime lime File users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt.lime users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt.lime c:\ c:\users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt.lime lime File users\5jghkoaofdp\documents\my new app.accdb.lime users\5jghkoaofdp\documents\my new app.accdb.lime c:\ c:\users\5jghkoaofdp\documents\my new app.accdb.lime lime File users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx.lime users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx.lime c:\ c:\users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx.lime lime File users\5jghkoaofdp\documents\oczespochpv.csv.lime users\5jghkoaofdp\documents\oczespochpv.csv.lime c:\ c:\users\5jghkoaofdp\documents\oczespochpv.csv.lime lime File users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx.lime users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx.lime c:\ c:\users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx.lime lime File users\5jghkoaofdp\documents\opm-kssufbhrnfhi.pptx.lime users\5jghkoaofdp\documents\opm-kssufbhrnfhi.pptx.lime c:\ c:\users\5jghkoaofdp\documents\opm-kssufbhrnfhi.pptx.lime lime File users\5jghkoaofdp\documents\sbskabnlrtuf_m3v.pps.lime users\5jghkoaofdp\documents\sbskabnlrtuf_m3v.pps.lime c:\ c:\users\5jghkoaofdp\documents\sbskabnlrtuf_m3v.pps.lime lime File users\5jghkoaofdp\documents\vuzmaoyqtk9.xlsx.lime users\5jghkoaofdp\documents\vuzmaoyqtk9.xlsx.lime c:\ c:\users\5jghkoaofdp\documents\vuzmaoyqtk9.xlsx.lime lime File users\5jghkoaofdp\documents\vy83cxy9y.pptx.lime users\5jghkoaofdp\documents\vy83cxy9y.pptx.lime c:\ c:\users\5jghkoaofdp\documents\vy83cxy9y.pptx.lime lime File users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx.lime users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx.lime c:\ c:\users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx.lime lime File users\5jghkoaofdp\documents\x7nab3sx5u.pptx.lime users\5jghkoaofdp\documents\x7nab3sx5u.pptx.lime c:\ c:\users\5jghkoaofdp\documents\x7nab3sx5u.pptx.lime lime File users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt.lime users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt.lime lime File users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps.lime users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps.lime lime File users\5jghkoaofdp\documents\kaaornrraztx\ghgjaavctako.odp.lime users\5jghkoaofdp\documents\kaaornrraztx\ghgjaavctako.odp.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ghgjaavctako.odp.lime lime File users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps.lime users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps.lime lime File users\5jghkoaofdp\documents\kaaornrraztx\sjkbeubnh7w9.doc.lime users\5jghkoaofdp\documents\kaaornrraztx\sjkbeubnh7w9.doc.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\sjkbeubnh7w9.doc.lime lime File users\5jghkoaofdp\documents\kaaornrraztx\sqfvqa7ma39tieo.pps.lime users\5jghkoaofdp\documents\kaaornrraztx\sqfvqa7ma39tieo.pps.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\sqfvqa7ma39tieo.pps.lime lime File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf.lime users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf.lime lime File users\5jghkoaofdp\documents\my shapes\desktop.ini.lime users\5jghkoaofdp\documents\my shapes\desktop.ini.lime c:\ c:\users\5jghkoaofdp\documents\my shapes\desktop.ini.lime lime File users\5jghkoaofdp\documents\my shapes\favorites.vssx.lime users\5jghkoaofdp\documents\my shapes\favorites.vssx.lime c:\ c:\users\5jghkoaofdp\documents\my shapes\favorites.vssx.lime lime File users\5jghkoaofdp\documents\my shapes\_private\folder.ico.lime users\5jghkoaofdp\documents\my shapes\_private\folder.ico.lime c:\ c:\users\5jghkoaofdp\documents\my shapes\_private\folder.ico.lime lime File users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst.lime users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst.lime c:\ c:\users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst.lime lime File users\5jghkoaofdp\pictures\8yzc.gif.lime users\5jghkoaofdp\pictures\8yzc.gif.lime c:\ c:\users\5jghkoaofdp\pictures\8yzc.gif.lime lime File users\5jghkoaofdp\music\fedb6bw2fnxwe\lbl5mdka70eza0p4h.wav.lime users\5jghkoaofdp\music\fedb6bw2fnxwe\lbl5mdka70eza0p4h.wav.lime c:\ c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\lbl5mdka70eza0p4h.wav.lime lime File users\5jghkoaofdp\documents\-spm6vjb.odt users\5jghkoaofdp\documents\-spm6vjb.odt c:\ c:\users\5jghkoaofdp\documents\-spm6vjb.odt odt File users\5jghkoaofdp\documents\0u2ya.docx users\5jghkoaofdp\documents\0u2ya.docx c:\ c:\users\5jghkoaofdp\documents\0u2ya.docx docx File users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf c:\ c:\users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf pdf File users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx c:\ c:\users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx xlsx File users\5jghkoaofdp\documents\aeghbubms5ntl.pptx users\5jghkoaofdp\documents\aeghbubms5ntl.pptx c:\ c:\users\5jghkoaofdp\documents\aeghbubms5ntl.pptx pptx File users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx c:\ c:\users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx docx File users\5jghkoaofdp\documents\desktop.ini users\5jghkoaofdp\documents\desktop.ini c:\ c:\users\5jghkoaofdp\documents\desktop.ini ini File users\5jghkoaofdp\documents\erhcl a2gbl1at.docx users\5jghkoaofdp\documents\erhcl a2gbl1at.docx c:\ c:\users\5jghkoaofdp\documents\erhcl a2gbl1at.docx docx File users\5jghkoaofdp\documents\eyedf199l.xlsx users\5jghkoaofdp\documents\eyedf199l.xlsx c:\ c:\users\5jghkoaofdp\documents\eyedf199l.xlsx xlsx File users\5jghkoaofdp\documents\g 5zx6m5n.docx users\5jghkoaofdp\documents\g 5zx6m5n.docx c:\ c:\users\5jghkoaofdp\documents\g 5zx6m5n.docx docx File users\5jghkoaofdp\documents\gmur.xlsx users\5jghkoaofdp\documents\gmur.xlsx c:\ c:\users\5jghkoaofdp\documents\gmur.xlsx xlsx File users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx c:\ c:\users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx xlsx File users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt c:\ c:\users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt ppt File users\5jghkoaofdp\documents\my new app.accdb users\5jghkoaofdp\documents\my new app.accdb c:\ c:\users\5jghkoaofdp\documents\my new app.accdb accdb MD5 c45d578f9e9a1266af3cc6e5e97ba22c SHA1 6c88ea4d469d67607c080ff382d00a99b1d1848f SHA256 540d34f9fdd75b168b375af16a03fb56931cc091f3307e93b4c00ec425005b44 File users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx c:\ c:\users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx pptx File users\5jghkoaofdp\documents\oczespochpv.csv users\5jghkoaofdp\documents\oczespochpv.csv c:\ c:\users\5jghkoaofdp\documents\oczespochpv.csv csv File users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx c:\ c:\users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx docx File users\5jghkoaofdp\documents\opm-kssufbhrnfhi.pptx users\5jghkoaofdp\documents\opm-kssufbhrnfhi.pptx c:\ c:\users\5jghkoaofdp\documents\opm-kssufbhrnfhi.pptx pptx MD5 7e44c83622cf642a687436b19bbdf7c5 SHA1 5257ebcbfe67babe8da4af6a572ba0b5f1ebf35b SHA256 6495949d27728f9ab2513312a2372533c3d6d129fbe1a97c43f91aebd3e36de9 File users\5jghkoaofdp\documents\sbskabnlrtuf_m3v.pps users\5jghkoaofdp\documents\sbskabnlrtuf_m3v.pps c:\ c:\users\5jghkoaofdp\documents\sbskabnlrtuf_m3v.pps pps MD5 ede2a099d42c2e374add4cf4ed6d8a66 SHA1 9fac5bd2d032ac39299e49a47fb09cb5dd81d0ca SHA256 7efc6b3cee4c81707c2b7cf4debe15932f70e2a0e347dc9ca6a78056f1d17665 File users\5jghkoaofdp\documents\vuzmaoyqtk9.xlsx users\5jghkoaofdp\documents\vuzmaoyqtk9.xlsx c:\ c:\users\5jghkoaofdp\documents\vuzmaoyqtk9.xlsx xlsx MD5 97b5850dcd3d927977faeef6ec644fc0 SHA1 2af6bec46ea945bf863fedf9a49a54b869398c7e SHA256 76427017d90f9a394db4b8c58bec354b8b41e7864edfd50e0228116a38c6cdc5 File users\5jghkoaofdp\documents\vy83cxy9y.pptx users\5jghkoaofdp\documents\vy83cxy9y.pptx c:\ c:\users\5jghkoaofdp\documents\vy83cxy9y.pptx pptx MD5 1d8a7b969ceffa682c848fc0b28a2d22 SHA1 701ae2a769a783b87e2b46193b13b1f6d5af6742 SHA256 6b5310ad5e9a05d2d15893db1024d69735f09319d52f5f5f90f6c67763b63ce4 File users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx c:\ c:\users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx xlsx File users\5jghkoaofdp\documents\x7nab3sx5u.pptx users\5jghkoaofdp\documents\x7nab3sx5u.pptx c:\ c:\users\5jghkoaofdp\documents\x7nab3sx5u.pptx pptx File users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt odt File users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps pps File users\5jghkoaofdp\documents\kaaornrraztx\ghgjaavctako.odp users\5jghkoaofdp\documents\kaaornrraztx\ghgjaavctako.odp c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ghgjaavctako.odp odp MD5 133115af56e424faf213adbd499d2a62 SHA1 4eed0715e868fe993aecfd668632e0d29813361a SHA256 b432cea438644d72e9b27f52704db1bfc26b5fb3d3922f23ef042ab553fc5b38 File users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps pps MD5 ac96e352209a62467275e902ac3351e6 SHA1 09fb35368d6f79f3e89b345df2d4f44337f00a08 SHA256 761cea0b1c9d61215a481c300ddf15a3427be7b5f32ba8564edec23becf097bb File users\5jghkoaofdp\documents\kaaornrraztx\sjkbeubnh7w9.doc users\5jghkoaofdp\documents\kaaornrraztx\sjkbeubnh7w9.doc c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\sjkbeubnh7w9.doc doc MD5 c70ea899fb2f0ebe752b448cddb37ea9 SHA1 c25aaa40c4e8c2b1f0d0db77f960ba0b80c70060 SHA256 c44f4fd12538fe0d64d47517d212ba3aaa1fdad1588afaf198ab5161646e4b21 File users\5jghkoaofdp\documents\kaaornrraztx\sqfvqa7ma39tieo.pps users\5jghkoaofdp\documents\kaaornrraztx\sqfvqa7ma39tieo.pps c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\sqfvqa7ma39tieo.pps pps MD5 8848697dc3f2d84ce39e5cc9dd05aa48 SHA1 714c58ac882aeadffdad48d6824aa1ddf4862f07 SHA256 f88e6e581e1d51fb0e1eeb4db2246f92a5d885fe6d6e6ef24adaf4b93cc04774 File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\lksfxnysxlvz37r4o.ppt users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\lksfxnysxlvz37r4o.ppt c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\lksfxnysxlvz37r4o.ppt ppt MD5 cb36d07465657ab460d8553a2391194a SHA1 5c6b28582292b1e7684a31f931f428c981f444cb SHA256 2022cb33b3c14bf23a99a7bc1052d3fb8c2b51b0ade81c1b8063bd3cefd819a1 File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf pdf File users\5jghkoaofdp\documents\my shapes\desktop.ini users\5jghkoaofdp\documents\my shapes\desktop.ini c:\ c:\users\5jghkoaofdp\documents\my shapes\desktop.ini ini File users\5jghkoaofdp\documents\my shapes\favorites.vssx users\5jghkoaofdp\documents\my shapes\favorites.vssx c:\ c:\users\5jghkoaofdp\documents\my shapes\favorites.vssx vssx File users\5jghkoaofdp\documents\my shapes\_private\folder.ico users\5jghkoaofdp\documents\my shapes\_private\folder.ico c:\ c:\users\5jghkoaofdp\documents\my shapes\_private\folder.ico ico File users\5jghkoaofdp\documents\onenote notebooks\my notebook\quick notes.one users\5jghkoaofdp\documents\onenote notebooks\my notebook\quick notes.one c:\ c:\users\5jghkoaofdp\documents\onenote notebooks\my notebook\quick notes.one one MD5 8225e9a335045f929e70f16497be6a6e SHA1 967a519bee766ec649faa21cf2d5641a5c858353 SHA256 7420b80abec64b239c7823ab16d3b00914c10e1b35a50350391ba96cc579e81a File users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst c:\ c:\users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst pst File users\5jghkoaofdp\pictures\8yzc.gif users\5jghkoaofdp\pictures\8yzc.gif c:\ c:\users\5jghkoaofdp\pictures\8yzc.gif gif File users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a c:\ c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a m4a MD5 9c6d979affdd7860884bb04c98d10afa SHA1 b0fedebe8cd378113eab7e494f560583c16e57fe SHA256 325dcda1b80ee42747d77d69ee1a91c512ac806099b440df64f942a18724446b File users\5jghkoaofdp\music\fedb6bw2fnxwe\lbl5mdka70eza0p4h.wav users\5jghkoaofdp\music\fedb6bw2fnxwe\lbl5mdka70eza0p4h.wav c:\ c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\lbl5mdka70eza0p4h.wav wav MD5 b53e14cc282779545cf989170687d987 SHA1 0e7841b54bd3dd81d48fd2aeb211d15030b799f5 SHA256 17e53cb0c9bd954dddb7d5c56fa4d4c464b5fddb6f8245d586f3cfab73e0358a File users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\lksfxnysxlvz37r4o.ppt.lime users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\lksfxnysxlvz37r4o.ppt.lime c:\ c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\lksfxnysxlvz37r4o.ppt.lime lime File users\5jghkoaofdp\documents\onenote notebooks\my notebook\quick notes.one.lime users\5jghkoaofdp\documents\onenote notebooks\my notebook\quick notes.one.lime c:\ c:\users\5jghkoaofdp\documents\onenote notebooks\my notebook\quick notes.one.lime lime File users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a.lime users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a.lime c:\ c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a.lime lime WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER #Decryptor #Decryptor C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe REG_SZ WinRegistryKey Software\Microsoft\Internet Explorer\Main HKEY_CURRENT_USER Anchor Underline Anchor Underline File users\5jghkoaofdp\desktop\#decryptor.exe users\5jghkoaofdp\desktop\#decryptor.exe c:\ c:\users\5jghkoaofdp\desktop\#decryptor.exe exe WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER #Decryptor #Decryptor C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe REG_SZ WinRegistryKey Software\Microsoft\Internet Explorer\Main HKEY_CURRENT_USER Anchor Underline Anchor Underline Analyzed Sample #20929 Malware Artifacts 20929 Sample-ID: #20929 Job-ID: #16709 This sample was analyzed by VMRay Analyzer 2.2.0 on a Windows 8.1 system 0 VTI Score based on VTI Database Version 2.6 Metadata of Sample File #20929 Submission-ID: #21846 C:\Users\5JgHKoaOfdp\Desktop\Crypt.exe exe MD5 e1b571f1ad5266156c8233fa0d2ba1e0 SHA1 dcec2db3a228baeef3c629991743fc7e39bfaab6 SHA256 9dbd7b3133c9bc80b9ed83712d488d014b856c8814a268871046a30c4b6fc6ae Opened_By Metadata of Analysis for Job-ID #16709 Timeout False x86 64-bit 6.3.9600.17031 (6066913d-fbad-4ef6-b754-e136c12beca3) win8.1_64 True 196.514 Windows 8.1 This is a property collection for additional information of VMRay analysis VMRay Analyzer Masquerade VTI rule match with VTI rule score 1/5 vmray_change_folder_appearance Folder "c:\users\5jghkoaofdp\documents" has a changed appearance. Change folder appearance Masquerade VTI rule match with VTI rule score 1/5 vmray_change_folder_appearance Folder "c:\users\5jghkoaofdp\documents\my shapes" has a changed appearance. Change folder appearance Masquerade VTI rule match with VTI rule score 1/5 vmray_change_folder_appearance Folder "c:\users\5jghkoaofdp\music" has a changed appearance. Change folder appearance File System VTI rule match with VTI rule score 4/5 vmray_delete_user_files Delete multiple user files. This is an indicator for ransomware or wiper malware. Delete user files Persistence VTI rule match with VTI rule score 1/5 vmray_install_startup_script_by_registry Add "C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe" to windows startup via registry. Install system startup script or application Device VTI rule match with VTI rule score 1/5 vmray_hook_mouse_by_keystate_api Frequently read the state of a mouse button by API. Monitor mouse movements and clicks