WannaCry Ransomware | Files
Try VMRay Analyzer
File Information
Sample files count 1
Created files count 215
Modified files count 82
Remarks The maximum number of extracted files was reached during the analysis. Some files may be missing in the reports. You can increase the limit in the configuration.
c:\users\dssdpmx042\desktop\WanaDecrypt0r.bin.exe
-
File Properties
Names c:\users\dssdpmx042\desktop\WanaDecrypt0r.bin.exe (Sample File)
Size 3.55 MB (3723264 bytes)
Hash Values MD5: db349b97c37d22f5ea1d1841e3c89eb4
SHA1: e889544aff85ffaf8b0d0da705105dee7c97fe26
SHA256: 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c
Actions
PE Information
+
File Properties
Image Base 0x400000
Entry Point 0x409a16
Size Of Code 0x9000
Size Of Initialized Data 0x383000
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2010-11-20 10:03:08
Compiler/Packer Armadillo v1.71
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x8bca 0x9000 0x1000 CNT_CODE, MEM_EXECUTE, MEM_READ 6.13
.rdata 0x40a000 0x998 0x1000 0xa000 CNT_INITIALIZED_DATA, MEM_READ 3.5
.data 0x40b000 0x30489c 0x27000 0xb000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 6.1
.rsrc 0x710000 0x35a454 0x35b000 0x32000 CNT_INITIALIZED_DATA, MEM_READ Unknown
c:\windows\tasksche.exe, ...
-
File Properties
Names c:\windows\tasksche.exe (Created File)
c:\programdata\qxtqusdnjzrizx418\tasksche.exe (Created File)
Size 3.35 MB (3514368 bytes)
Hash Values MD5: 84c82835a5d21bbcf75a61706d8ab549
SHA1: 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256: ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
Actions
PE Information
+
File Properties
Image Base 0x400000
Entry Point 0x4077ba
Size Of Code 0x7000
Size Of Initialized Data 0x352000
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2010-11-20 10:05:05
Compiler/Packer Armadillo v1.71
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x69b0 0x7000 0x1000 CNT_CODE, MEM_EXECUTE, MEM_READ 6.4
.rdata 0x408000 0x5f70 0x6000 0x8000 CNT_INITIALIZED_DATA, MEM_READ 6.66
.data 0x40e000 0x1958 0x2000 0xe000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.46
.rsrc 0x410000 0x349fa0 0x34a000 0x10000 CNT_INITIALIZED_DATA, MEM_READ Unknown
c:\programdata\qxtqusdnjzrizx418\tasksche.exe, ...
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\tasksche.exe (Created File)
c:\programdata\qxtqusdnjzrizx418\@wanadecryptor@.exe (Created File)
c:\users\default\desktop\~sd927e.tmp (Created File)
c:\users\default\desktop\~sd92dd.tmp (Created File)
c:\users\dssdpmx042\desktop\~sd92ed.tmp (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\~sd9761.tmp (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\~sd97c0.tmp (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\~sd983e.tmp (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\~sd98ac.tmp (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\~sd98dc.tmp (Created File)
c:\users\public\desktop\~sda1e1.tmp (Created File)
c:\users\default\documents\~sda433.tmp (Created File)
c:\users\default\documents\~sda444.tmp (Created File)
c:\users\dssdpmx042\documents\~sda493.tmp (Created File)
c:\users\dssdpmx042\documents\z-zdwb\~sdb085.tmp (Created File)
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\~sdb289.tmp (Created File)
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\~sdb2f7.tmp (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\~sdb356.tmp (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\~sdb412.tmp (Created File)
c:\users\public\documents\~sdb72f.tmp (Created File)
c:\~sdb73f.tmp (Created File)
c:\$recycle.bin\~sdb79e.tmp (Created File)
c:\$recycle.bin\s-1-5-21-3385616887-338319549-3229196192-1000\~sdb79f.tmp (Created File)
c:\boot\~sdb7bf.tmp (Created File)
c:\boot\cs-cz\~sdb81e.tmp (Created File)
c:\boot\da-dk\~sdb82e.tmp (Created File)
c:\boot\de-de\~sdb84f.tmp (Created File)
c:\boot\el-gr\~sdb85f.tmp (Created File)
c:\boot\en-us\~sdb870.tmp (Created File)
c:\boot\es-es\~sdb890.tmp (Created File)
c:\boot\fi-fi\~sdb8b0.tmp (Created File)
c:\boot\fonts\~sdb8e0.tmp (Created File)
c:\boot\fr-fr\~sdb93f.tmp (Created File)
c:\boot\hu-hu\~sdb95f.tmp (Created File)
c:\boot\it-it\~sdb96f.tmp (Created File)
c:\boot\ja-jp\~sdb980.tmp (Created File)
c:\boot\ko-kr\~sdb991.tmp (Created File)
c:\boot\nb-no\~sdb9a1.tmp (Created File)
c:\boot\nl-nl\~sdb9b2.tmp (Created File)
c:\boot\pl-pl\~sdb9c2.tmp (Created File)
c:\boot\pt-br\~sdb9d3.tmp (Created File)
c:\boot\pt-pt\~sdb9e4.tmp (Created File)
c:\boot\ru-ru\~sdb9e5.tmp (Created File)
c:\boot\sv-se\~sdb9f5.tmp (Created File)
c:\boot\tr-tr\~sdb9f6.tmp (Created File)
c:\boot\zh-cn\~sdba07.tmp (Created File)
c:\boot\zh-hk\~sdba17.tmp (Created File)
c:\boot\zh-tw\~sdba18.tmp (Created File)
c:\perflogs\~sdba29.tmp (Created File)
c:\perflogs\admin\~sdba2a.tmp (Created File)
c:\recovery\~sdba2b.tmp (Created File)
c:\recovery\a8ef0822-7920-11e5-85b1-fee83b99d226\~sdba3c.tmp (Created File)
c:\system volume information\~sdba4c.tmp (Created File)
c:\system volume information\spp\~sdba8c.tmp (Created File)
c:\system volume information\spp\onlinemetadatacache\~sdba9c.tmp (Created File)
c:\system volume information\spp\sppcbshivestore\~sdbaad.tmp (Created File)
c:\system volume information\spp\sppgroupcache\~sdbaae.tmp (Created File)
c:\users\~sdbabe.tmp (Created File)
c:\programdata\~sdbacf.tmp (Created File)
c:\programdata\microsoft\~sdbaff.tmp (Created File)
c:\programdata\microsoft\assistance\~sdbb2f.tmp (Created File)
c:\programdata\microsoft\assistance\client\~sdbb30.tmp (Created File)
c:\programdata\microsoft\assistance\client\1.0\~sdbb31.tmp (Created File)
c:\programdata\microsoft\assistance\client\1.0\en-us\~sdbb41.tmp (Created File)
c:\programdata\microsoft\crypto\~sdbb52.tmp (Created File)
c:\programdata\microsoft\crypto\dss\~sdbb53.tmp (Created File)
c:\programdata\microsoft\crypto\dss\machinekeys\~sdbb54.tmp (Created File)
c:\programdata\microsoft\crypto\keys\~sdbb64.tmp (Created File)
c:\programdata\microsoft\crypto\rsa\~sdbb65.tmp (Created File)
c:\programdata\microsoft\crypto\rsa\machinekeys\~sdbb66.tmp (Created File)
c:\programdata\microsoft\crypto\rsa\s-1-5-18\~sdbb77.tmp (Created File)
c:\programdata\microsoft\device stage\~sdbb78.tmp (Created File)
c:\programdata\microsoft\device stage\device\~sdbb89.tmp (Created File)
c:\programdata\microsoft\device stage\device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\~sdbb8a.tmp (Created File)
c:\programdata\microsoft\device stage\device\{8702d817-5aad-4674-9ef3-4d3decd87120}\~sdbb9a.tmp (Created File)
c:\programdata\microsoft\device stage\task\~sdbb9b.tmp (Created File)
c:\programdata\microsoft\device stage\task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\~sdbb9c.tmp (Created File)
c:\programdata\microsoft\device stage\task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-us\~sdbbad.tmp (Created File)
c:\programdata\microsoft\device stage\task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\~sdbbae.tmp (Created File)
c:\programdata\microsoft\device stage\task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-us\~sdbbbe.tmp (Created File)
c:\programdata\microsoft\devicesync\~sdbbcf.tmp (Created File)
c:\programdata\microsoft\drm\~sdbbd0.tmp (Created File)
c:\programdata\microsoft\drm\server\~sdbbe1.tmp (Created File)
c:\programdata\microsoft\ehome\~sdbbe2.tmp (Created File)
c:\programdata\microsoft\ehome\logs\~sdbbe3.tmp (Created File)
c:\programdata\microsoft\event viewer\~sdbbe4.tmp (Created File)
c:\programdata\microsoft\event viewer\views\~sdbbf4.tmp (Created File)
c:\programdata\microsoft\event viewer\views\applicationviewsrootnode\~sdbbf5.tmp (Created File)
c:\programdata\microsoft\identitycrl\~sdbbf6.tmp (Created File)
c:\programdata\microsoft\media player\~sdbc07.tmp (Created File)
c:\programdata\microsoft\mf\~sdbc08.tmp (Created File)
c:\programdata\microsoft\network\~sdbc09.tmp (Created File)
c:\programdata\microsoft\network\connections\~sdbc0a.tmp (Created File)
c:\programdata\microsoft\network\downloader\~sdbc59.tmp (Created File)
c:\programdata\microsoft\rac\~sdbc5a.tmp (Created File)
c:\programdata\microsoft\rac\outbound\~sdbc6a.tmp (Created File)
c:\programdata\microsoft\rac\publisheddata\~sdbc7b.tmp (Created File)
c:\programdata\microsoft\rac\statedata\~sdbc7c.tmp (Created File)
c:\programdata\microsoft\rac\temp\~sdbc7d.tmp (Created File)
c:\programdata\microsoft\search\~sdbc7e.tmp (Created File)
c:\programdata\microsoft\search\data\~sdbc8f.tmp (Created File)
c:\programdata\microsoft\search\data\applications\~sdbc90.tmp (Created File)
c:\programdata\microsoft\search\data\applications\windows\~sdbca0.tmp (Created File)
c:\programdata\microsoft\search\data\applications\windows\config\~sdbca1.tmp (Created File)
c:\programdata\microsoft\search\data\applications\windows\gatherlogs\~sdbca2.tmp (Created File)
c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\~sdbcb3.tmp (Created File)
c:\programdata\microsoft\search\data\applications\windows\projects\~sdbcb4.tmp (Created File)
c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\~sdbcb5.tmp (Created File)
c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\~sdbcb6.tmp (Created File)
c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\~sdbcb7.tmp (Created File)
c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\propmap\~sdbcb8.tmp (Created File)
c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\secstore\~sdbcb9.tmp (Created File)
c:\programdata\microsoft\search\data\temp\~sdbcba.tmp (Created File)
c:\programdata\microsoft\user account pictures\~sdbcbb.tmp (Created File)
c:\programdata\microsoft\user account pictures\default pictures\~sdbccb.tmp (Created File)
c:\programdata\microsoft\vault\~sdbcdc.tmp (Created File)
c:\programdata\microsoft\windows\~sdbcdd.tmp (Created File)
c:\programdata\microsoft\windows\ait\~sdbcde.tmp (Created File)
c:\programdata\microsoft\windows\caches\~sdbcef.tmp (Created File)
c:\programdata\microsoft\windows\devicemetadatastore\~sdbcf0.tmp (Created File)
c:\programdata\microsoft\windows\devicemetadatastore\en-us\~sdbd00.tmp (Created File)
c:\programdata\microsoft\windows\drm\~sdbd11.tmp (Created File)
c:\programdata\microsoft\windows\drm\cache\~sdbd12.tmp (Created File)
c:\programdata\microsoft\windows\gameexplorer\~sdbd13.tmp (Created File)
c:\programdata\microsoft\windows\power efficiency diagnostics\~sdbd23.tmp (Created File)
c:\programdata\microsoft\windows\ringtones\~sdbd24.tmp (Created File)
c:\programdata\microsoft\windows\sqm\~sdbd45.tmp (Created File)
c:\programdata\microsoft\windows\sqm\manifest\~sdbd55.tmp (Created File)
c:\programdata\microsoft\windows\sqm\sessions\~sdbd56.tmp (Created File)
c:\programdata\microsoft\windows\sqm\upload\~sdbd57.tmp (Created File)
c:\programdata\microsoft\windows\start menu\~sdbd58.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\~sdbd78.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\accessories\~sdbd79.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\accessories\accessibility\~sdbd8a.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\accessories\system tools\~sdbd9b.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\accessories\tablet pc\~sdbd9c.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\accessories\windows powershell\~sdbdac.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\administrative tools\~sdbdad.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\games\~sdbdae.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\java\~sdbdbf.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\maintenance\~sdbdc0.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\startup\~sdbe3e.tmp (Created File)
c:\programdata\microsoft\windows\start menu\programs\tablet pc\~sdbe3f.tmp (Created File)
c:\programdata\microsoft\windows\templates\~sdbe4f.tmp (Created File)
c:\programdata\microsoft\windows\wer\~sdbe50.tmp (Created File)
c:\programdata\microsoft\windows\wer\reportarchive\~sdbe61.tmp (Created File)
c:\programdata\microsoft\windows\wer\reportarchive\noncritical_x86_38e744f5ed92b6643d4610f93acebec71c7d44_03443294\~sdbe62.tmp (Created File)
c:\programdata\microsoft\windows\wer\reportarchive\noncritical_x86_5164e364f554d49c65173057b5da44f5956558a_03444874\~sdbe63.tmp (Created File)
c:\programdata\microsoft\windows\wer\reportarchive\noncritical_x86_7125ba86c55facb797ac343822852efc7fde5bb0_03681e87\~sdbe64.tmp (Created File)
c:\programdata\microsoft\windows\wer\reportqueue\~sdbe74.tmp (Created File)
c:\programdata\microsoft\windows defender\~sdbe85.tmp (Created File)
c:\programdata\microsoft\windows defender\definition updates\~sdbe86.tmp (Created File)
c:\programdata\microsoft\windows defender\definition updates\backup\~sdbe97.tmp (Created File)
c:\programdata\microsoft\windows defender\definition updates\updates\~sdbe98.tmp (Created File)
c:\programdata\microsoft\windows defender\definition updates\{21833c5a-be0d-427d-b68e-efa18747b9cf}\~sdbeb8.tmp (Created File)
c:\programdata\microsoft\windows defender\localcopy\~sdbeb9.tmp (Created File)
c:\programdata\microsoft\windows defender\quarantine\~sdbec9.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\~sdbeca.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\cleanstore\~sdbedb.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\cleanstore\entries\~sdbefb.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\cleanstore\resourcedata\~sdbefc.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\cleanstore\resources\~sdbf0d.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\history\~sdbf0e.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\history\cachemanager\~sdbf0f.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\history\results\~sdbf1f.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\history\results\resource\~sdbf20.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\history\service\~sdbf41.tmp (Created File)
c:\programdata\microsoft\windows defender\scans\history\store\~sdbf42.tmp (Created File)
c:\programdata\microsoft\windows defender\support\~sdbf43.tmp (Created File)
c:\programdata\microsoft\windows nt\~sdbf53.tmp (Created File)
c:\programdata\microsoft\windows nt\msfax\~sdbf64.tmp (Created File)
c:\programdata\microsoft\windows nt\msfax\activitylog\~sdbf65.tmp (Created File)
c:\programdata\microsoft\windows nt\msfax\common coverpages\~sdbf75.tmp (Created File)
c:\programdata\microsoft\windows nt\msfax\common coverpages\en-us\~sdbf86.tmp (Created File)
c:\programdata\microsoft\windows nt\msfax\inbox\~sdbf87.tmp (Created File)
c:\programdata\microsoft\windows nt\msfax\queue\~sdbf88.tmp (Created File)
c:\programdata\microsoft\windows nt\msfax\sentitems\~sdbf99.tmp (Created File)
c:\programdata\microsoft\windows nt\msfax\virtualinbox\~sdbf9a.tmp (Created File)
c:\programdata\microsoft\windows nt\msfax\virtualinbox\en-us\~sdbf9b.tmp (Created File)
c:\programdata\microsoft\windows nt\msscan\~sdbfab.tmp (Created File)
c:\programdata\microsoft\wwansvc\~sdc048.tmp (Created File)
c:\programdata\mozilla\~sdc0c7.tmp (Created File)
c:\programdata\mozilla\logs\~sdc0c8.tmp (Created File)
c:\programdata\oracle\~sdc0d9.tmp (Created File)
c:\programdata\oracle\java\~sdc0da.tmp (Created File)
Size 0.00 KB (0 bytes)
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\programdata\qxtqusdnjzrizx418\b.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\b.wnry (Created File)
Size 1.37 MB (1440054 bytes)
Hash Values MD5: c17170262312f3be7027bc2ca825bf0c
SHA1: f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256: d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
Actions
c:\programdata\qxtqusdnjzrizx418\c.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\c.wnry (Created File)
Size 0.76 KB (780 bytes)
Hash Values MD5: ae08f79a0d800b82fcbe1b43cdbdbefc
SHA1: f6b08523b1a836e2112875398ffefffde98ad3ca
SHA256: 055c7760512c98c8d51e4427227fe2a7ea3b34ee63178fe78631fa8aa6d15622
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_bulgarian.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_bulgarian.wnry (Created File)
Size 46.76 KB (47879 bytes)
Hash Values MD5: 95673b0f968c0f55b32204361940d184
SHA1: 81e427d15a1a826b93e91c3d2fa65221c8ca9cff
SHA256: 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_chinese (simplified).wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_chinese (simplified).wnry (Created File)
Size 53.08 KB (54359 bytes)
Hash Values MD5: 0252d45ca21c8e43c9742285c48e91ad
SHA1: 5c14551d2736eef3a1c1970cc492206e531703c1
SHA256: 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_chinese (traditional).wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_chinese (traditional).wnry (Created File)
Size 77.49 KB (79346 bytes)
Hash Values MD5: 2efc3690d67cd073a9406a25005f7cea
SHA1: 52c07f98870eabace6ec370b7eb562751e8067e9
SHA256: 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_croatian.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_croatian.wnry (Created File)
Size 38.15 KB (39070 bytes)
Hash Values MD5: 17194003fa70ce477326ce2f6deeb270
SHA1: e325988f68d327743926ea317abb9882f347fa73
SHA256: 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_czech.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_czech.wnry (Created File)
Size 39.56 KB (40512 bytes)
Hash Values MD5: 537efeecdfa94cc421e58fd82a58ba9e
SHA1: 3609456e16bc16ba447979f3aa69221290ec17d0
SHA256: 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_danish.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_danish.wnry (Created File)
Size 36.18 KB (37045 bytes)
Hash Values MD5: 2c5a3b81d5c4715b7bea01033367fcb5
SHA1: b548b45da8463e17199daafd34c23591f94e82cd
SHA256: a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_dutch.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_dutch.wnry (Created File)
Size 36.12 KB (36987 bytes)
Hash Values MD5: 7a8d499407c6a647c03c4471a67eaad7
SHA1: d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b
SHA256: 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_english.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_english.wnry (Created File)
Size 36.11 KB (36973 bytes)
Hash Values MD5: fe68c2dc0d2419b38f44d83f2fcf232e
SHA1: 6c6e49949957215aa2f3dfb72207d249adf36283
SHA256: 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_filipino.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_filipino.wnry (Created File)
Size 36.70 KB (37580 bytes)
Hash Values MD5: 08b9e69b57e4c9b966664f8e1c27ab09
SHA1: 2da1025bbbfb3cd308070765fc0893a48e5a85fa
SHA256: d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_finnish.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_finnish.wnry (Created File)
Size 37.48 KB (38377 bytes)
Hash Values MD5: 35c2f97eea8819b1caebd23fee732d8f
SHA1: e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256: 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_french.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_french.wnry (Created File)
Size 37.54 KB (38437 bytes)
Hash Values MD5: 4e57113a6bf6b88fdd32782a4a381274
SHA1: 0fccbc91f0f94453d91670c6794f71348711061d
SHA256: 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_german.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_german.wnry (Created File)
Size 36.31 KB (37181 bytes)
Hash Values MD5: 3d59bbb5553fe03a89f817819540f469
SHA1: 26781d4b06ff704800b463d0f1fca3afd923a9fe
SHA256: 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_greek.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_greek.wnry (Created File)
Size 47.89 KB (49044 bytes)
Hash Values MD5: fb4e8718fea95bb7479727fde80cb424
SHA1: 1088c7653cba385fe994e9ae34a6595898f20aeb
SHA256: e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_indonesian.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_indonesian.wnry (Created File)
Size 36.32 KB (37196 bytes)
Hash Values MD5: 3788f91c694dfc48e12417ce93356b0f
SHA1: eb3b87f7f654b604daf3484da9e02ca6c4ea98b7
SHA256: 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_italian.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_italian.wnry (Created File)
Size 36.02 KB (36883 bytes)
Hash Values MD5: 30a200f78498990095b36f574b6e8690
SHA1: c4b1b3c087bd12b063e98bca464cd05f3f7b7882
SHA256: 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_japanese.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_japanese.wnry (Created File)
Size 79.93 KB (81844 bytes)
Hash Values MD5: b77e1221f7ecd0b5d696cb66cda1609e
SHA1: 51eb7a254a33d05edf188ded653005dc82de8a46
SHA256: 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_korean.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_korean.wnry (Created File)
Size 89.36 KB (91501 bytes)
Hash Values MD5: 6735cb43fe44832b061eeb3f5956b099
SHA1: d636daf64d524f81367ea92fdafa3726c909bee1
SHA256: 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_latvian.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_latvian.wnry (Created File)
Size 40.20 KB (41169 bytes)
Hash Values MD5: c33afb4ecc04ee1bcc6975bea49abe40
SHA1: fbea4f170507cde02b839527ef50b7ec74b4821f
SHA256: a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_norwegian.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_norwegian.wnry (Created File)
Size 36.70 KB (37577 bytes)
Hash Values MD5: ff70cc7c00951084175d12128ce02399
SHA1: 75ad3b1ad4fb14813882d88e952208c648f1fd18
SHA256: cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_polish.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_polish.wnry (Created File)
Size 38.96 KB (39896 bytes)
Hash Values MD5: e79d7f2833a9c2e2553c7fe04a1b63f4
SHA1: 3d9f56d2381b8fe16042aa7c4feb1b33f2baebff
SHA256: 519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_portuguese.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_portuguese.wnry (Created File)
Size 37.03 KB (37917 bytes)
Hash Values MD5: fa948f7d8dfb21ceddd6794f2d56b44f
SHA1: ca915fbe020caa88dd776d89632d7866f660fc7a
SHA256: bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_romanian.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_romanian.wnry (Created File)
Size 50.94 KB (52161 bytes)
Hash Values MD5: 313e0ececd24f4fa1504118a11bc7986
SHA1: e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d
SHA256: 70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_russian.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_russian.wnry (Created File)
Size 46.00 KB (47108 bytes)
Hash Values MD5: 452615db2336d60af7e2057481e4cab5
SHA1: 442e31f6556b3d7de6eb85fbac3d2957b7f5eac6
SHA256: 02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_slovak.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_slovak.wnry (Created File)
Size 40.42 KB (41391 bytes)
Hash Values MD5: c911aba4ab1da6c28cf86338ab2ab6cc
SHA1: fee0fd58b8efe76077620d8abc7500dbfef7c5b0
SHA256: e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_spanish.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_spanish.wnry (Created File)
Size 36.50 KB (37381 bytes)
Hash Values MD5: 8d61648d34cba8ae9d1e2a219019add1
SHA1: 2091e42fc17a0cc2f235650f7aad87abf8ba22c2
SHA256: 72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_swedish.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_swedish.wnry (Created File)
Size 37.58 KB (38483 bytes)
Hash Values MD5: c7a19984eb9f37198652eaf2fd1ee25c
SHA1: 06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae
SHA256: 146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_turkish.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_turkish.wnry (Created File)
Size 41.58 KB (42582 bytes)
Hash Values MD5: 531ba6b1a5460fc9446946f91cc8c94b
SHA1: cc56978681bd546fd82d87926b5d9905c92a5803
SHA256: 6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415
Actions
c:\programdata\qxtqusdnjzrizx418\msg\m_vietnamese.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\msg\m_vietnamese.wnry (Created File)
Size 91.58 KB (93778 bytes)
Hash Values MD5: 8419be28a0dcec3f55823620922b00fa
SHA1: 2e4791f9cdfca8abf345d606f313d22b36c46b92
SHA256: 1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8
Actions
c:\programdata\qxtqusdnjzrizx418\r.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\r.wnry (Created File)
Size 0.84 KB (864 bytes)
Hash Values MD5: 3e0020fc529b1c2a061016dd2469ba96
SHA1: c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade
SHA256: 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c
Actions
c:\programdata\qxtqusdnjzrizx418\s.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\s.wnry (Created File)
Size 2.90 MB (3038286 bytes)
Hash Values MD5: ad4c9de7c8c40813f200ba1c2fa33083
SHA1: d1af27518d455d432b62d73c6a1497d032f6120e
SHA256: e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b
Actions
c:\programdata\qxtqusdnjzrizx418\t.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\t.wnry (Created File)
Size 64.27 KB (65816 bytes)
Hash Values MD5: 5dcaac857e695a65f5c3ef1441a73a8f
SHA1: 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd
SHA256: 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6
Actions
c:\programdata\qxtqusdnjzrizx418\taskdl.exe
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\taskdl.exe (Created File)
Size 20.00 KB (20480 bytes)
Hash Values MD5: 4fef5e34143e646dbf9907c4374276f5
SHA1: 47a9ad4125b6bd7c55e4e7da251e23f089407b8f
SHA256: 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
Actions
PE Information
+
File Properties
Image Base 0x400000
Entry Point 0x4018f6
Size Of Code 0x1000
Size Of Initialized Data 0x3000
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2009-07-14 02:12:07
Compiler/Packer Armadillo v1.71
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xadb 0x1000 0x1000 CNT_CODE, MEM_EXECUTE, MEM_READ 4.92
.rdata 0x402000 0x67a 0x1000 0x2000 CNT_INITIALIZED_DATA, MEM_READ 2.66
.data 0x403000 0x90 0x1000 0x3000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.11
.rsrc 0x404000 0x410 0x1000 0x4000 CNT_INITIALIZED_DATA, MEM_READ 3.72
Imports (38)
+
KERNEL32.dll (11)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetTempPathW 0x0 0x402000 0x2160 0x2160
GetWindowsDirectoryW 0x0 0x402004 0x2164 0x2164
DeleteFileW 0x0 0x402008 0x2168 0x2168
FindClose 0x0 0x40200c 0x216c 0x216c
FindNextFileW 0x0 0x402010 0x2170 0x2170
FindFirstFileW 0x0 0x402014 0x2174 0x2174
Sleep 0x0 0x402018 0x2178 0x2178
GetDriveTypeW 0x0 0x40201c 0x217c 0x217c
GetLogicalDrives 0x0 0x402020 0x2180 0x2180
GetModuleHandleA 0x0 0x402024 0x2184 0x2184
GetStartupInfoA 0x0 0x402028 0x2188 0x2188
MSVCP60.dll (9)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z 0x0 0x402030 0x2190 0x2190
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z 0x0 0x402034 0x2194 0x2194
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z 0x0 0x402038 0x2198 0x2198
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z 0x0 0x40203c 0x219c 0x219c
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB 0x0 0x402040 0x21a0 0x21a0
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ 0x0 0x402044 0x21a4 0x21a4
?_Xran@std@@YAXXZ 0x0 0x402048 0x21a8 0x21a8
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ 0x0 0x40204c 0x21ac 0x21ac
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB 0x0 0x402050 0x21b0 0x21b0
MSVCRT.dll (18)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
__CxxFrameHandler 0x0 0x402058 0x21b8 0x21b8
??2@YAPAXI@Z 0x0 0x40205c 0x21bc 0x21bc
free 0x0 0x402060 0x21c0 0x21c0
_exit 0x0 0x402064 0x21c4 0x21c4
_XcptFilter 0x0 0x402068 0x21c8 0x21c8
swprintf 0x0 0x40206c 0x21cc 0x21cc
_acmdln 0x0 0x402070 0x21d0 0x21d0
__getmainargs 0x0 0x402074 0x21d4 0x21d4
_initterm 0x0 0x402078 0x21d8 0x21d8
__setusermatherr 0x0 0x40207c 0x21dc 0x21dc
_adjust_fdiv 0x0 0x402080 0x21e0 0x21e0
__p__commode 0x0 0x402084 0x21e4 0x21e4
__p__fmode 0x0 0x402088 0x21e8 0x21e8
__set_app_type 0x0 0x40208c 0x21ec 0x21ec
_except_handler3 0x0 0x402090 0x21f0 0x21f0
_controlfp 0x0 0x402094 0x21f4 0x21f4
exit 0x0 0x402098 0x21f8 0x21f8
wcslen 0x0 0x40209c 0x21fc 0x21fc
c:\programdata\qxtqusdnjzrizx418\taskse.exe
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\taskse.exe (Created File)
Size 20.00 KB (20480 bytes)
Hash Values MD5: 8495400f199ac77853c53b5a3f278f3e
SHA1: be5d6279874da315e3080b06083757aad9b32c23
SHA256: 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d
Actions
PE Information
+
File Properties
Image Base 0x400000
Entry Point 0x40154c
Size Of Code 0x1000
Size Of Initialized Data 0x3000
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2009-07-14 01:15:28
Compiler/Packer Armadillo v1.71
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x6d2 0x1000 0x1000 CNT_CODE, MEM_EXECUTE, MEM_READ 3.3
.rdata 0x402000 0x280 0x1000 0x2000 CNT_INITIALIZED_DATA, MEM_READ 1.05
.data 0x403000 0x1c0 0x1000 0x3000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.8
.rsrc 0x404000 0x414 0x1000 0x4000 CNT_INITIALIZED_DATA, MEM_READ 3.72
Imports (22)
+
KERNEL32.dll (6)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WaitForSingleObject 0x0 0x402000 0x20b8 0x20b8
GetProcAddress 0x0 0x402004 0x20bc 0x20bc
LoadLibraryA 0x0 0x402008 0x20c0 0x20c0
GetModuleHandleA 0x0 0x40200c 0x20c4 0x20c4
Sleep 0x0 0x402010 0x20c8 0x20c8
GetStartupInfoA 0x0 0x402014 0x20cc 0x20cc
MSVCRT.dll (16)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_local_unwind2 0x0 0x40201c 0x20d4 0x20d4
__p___argv 0x0 0x402020 0x20d8 0x20d8
__p___argc 0x0 0x402024 0x20dc 0x20dc
_exit 0x0 0x402028 0x20e0 0x20e0
_XcptFilter 0x0 0x40202c 0x20e4 0x20e4
exit 0x0 0x402030 0x20e8 0x20e8
_except_handler3 0x0 0x402034 0x20ec 0x20ec
__getmainargs 0x0 0x402038 0x20f0 0x20f0
_initterm 0x0 0x40203c 0x20f4 0x20f4
__setusermatherr 0x0 0x402040 0x20f8 0x20f8
_adjust_fdiv 0x0 0x402044 0x20fc 0x20fc
__p__commode 0x0 0x402048 0x2100 0x2100
__p__fmode 0x0 0x40204c 0x2104 0x2104
__set_app_type 0x0 0x402050 0x2108 0x2108
_controlfp 0x0 0x402054 0x210c 0x210c
_acmdln 0x0 0x402058 0x2110 0x2110
c:\programdata\qxtqusdnjzrizx418\u.wnry, ...
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\u.wnry (Created File)
c:\programdata\qxtqusdnjzrizx418\@wanadecryptor@.exe (Created File)
c:\users\dssdpmx042\desktop\@wanadecryptor@.exe (Created File)
c:\users\dssdpmx042\documents\@wanadecryptor@.exe (Created File)
c:\@wanadecryptor@.exe (Created File)
c:\system volume information\@wanadecryptor@.exe (Created File)
Size 240.00 KB (245760 bytes)
Hash Values MD5: 7bf2b57f2a205768755c07f238fb32cc
SHA1: 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256: b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
Actions
PE Information
+
File Properties
Image Base 0x400000
Entry Point 0x413102
Size Of Code 0x14000
Size Of Initialized Data 0x27000
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2009-07-14 01:19:35
Compiler/Packer Armadillo v1.71
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x13395 0x14000 0x1000 CNT_CODE, MEM_EXECUTE, MEM_READ 6.24
.rdata 0x415000 0x9268 0xa000 0x15000 CNT_INITIALIZED_DATA, MEM_READ 5.87
.data 0x41f000 0x32a0 0x3000 0x1f000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.73
.rsrc 0x423000 0x19b7c 0x1a000 0x22000 CNT_INITIALIZED_DATA, MEM_READ 5.64
Imports (420)
+
MFC42.DLL (205)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x19f8 0x415174 0x1ce24 0x1ce24
(by ordinal) 0x1a7a 0x415178 0x1ce28 0x1ce28
(by ordinal) 0x39a 0x41517c 0x1ce2c 0x1ce2c
(by ordinal) 0x164e 0x415180 0x1ce30 0x1ce30
(by ordinal) 0x1021 0x415184 0x1ce34 0x1ce34
(by ordinal) 0x39b 0x415188 0x1ce38 0x1ce38
(by ordinal) 0x10b5 0x41518c 0x1ce3c 0x1ce3c
(by ordinal) 0x3ac 0x415190 0x1ce40 0x1ce40
(by ordinal) 0x280 0x415194 0x1ce44 0x1ce44
(by ordinal) 0x965 0x415198 0x1ce48 0x1ce48
(by ordinal) 0x1699 0x41519c 0x1ce4c 0x1ce4c
(by ordinal) 0x668 0x4151a0 0x1ce50 0x1ce50
(by ordinal) 0x143 0x4151a4 0x1ce54 0x1ce54
(by ordinal) 0x490 0x4151a8 0x1ce58 0x1ce58
(by ordinal) 0x1835 0x4151ac 0x1ce5c 0x1ce5c
(by ordinal) 0x1241 0x4151b0 0x1ce60 0x1ce60
(by ordinal) 0x10b2 0x4151b4 0x1ce64 0x1ce64
(by ordinal) 0x18e7 0x4151b8 0x1ce68 0x1ce68
(by ordinal) 0x1186 0x4151bc 0x1ce6c 0x1ce6c
(by ordinal) 0x9fa 0x4151c0 0x1ce70 0x1ce70
(by ordinal) 0x9d0 0x4151c4 0x1ce74 0x1ce74
(by ordinal) 0x1663 0x4151c8 0x1ce78 0x1ce78
(by ordinal) 0xf52 0x4151cc 0x1ce7c 0x1ce7c
(by ordinal) 0x441 0x4151d0 0x1ce80 0x1ce80
(by ordinal) 0x144f 0x4151d4 0x1ce84 0x1ce84
(by ordinal) 0x95c 0x4151d8 0x1ce88 0x1ce88
(by ordinal) 0xd12 0x4151dc 0x1ce8c 0x1ce8c
(by ordinal) 0x14b4 0x4151e0 0x1ce90 0x1ce90
(by ordinal) 0x14b6 0x4151e4 0x1ce94 0x1ce94
(by ordinal) 0xaa5 0x4151e8 0x1ce98 0x1ce98
(by ordinal) 0xfef 0x4151ec 0x1ce9c 0x1ce9c
(by ordinal) 0x125a 0x4151f0 0x1cea0 0x1cea0
(by ordinal) 0x14bb 0x4151f4 0x1cea4 0x1cea4
(by ordinal) 0x14a9 0x4151f8 0x1cea8 0x1cea8
(by ordinal) 0x1652 0x4151fc 0x1ceac 0x1ceac
(by ordinal) 0x120e 0x415200 0x1ceb0 0x1ceb0
(by ordinal) 0xe9a 0x415204 0x1ceb4 0x1ceb4
(by ordinal) 0x231 0x415208 0x1ceb8 0x1ceb8
(by ordinal) 0x32f 0x41520c 0x1cebc 0x1cebc
(by ordinal) 0x261 0x415210 0x1cec0 0x1cec0
(by ordinal) 0x30d 0x415214 0x1cec4 0x1cec4
(by ordinal) 0x1926 0x415218 0x1cec8 0x1cec8
(by ordinal) 0xa3d 0x41521c 0x1cecc 0x1cecc
(by ordinal) 0x46e 0x415220 0x1ced0 0x1ced0
(by ordinal) 0x18be 0x415224 0x1ced4 0x1ced4
(by ordinal) 0xe7c 0x415228 0x1ced8 0x1ced8
(by ordinal) 0xa0f 0x41522c 0x1cedc 0x1cedc
(by ordinal) 0x112c 0x415230 0x1cee0 0x1cee0
(by ordinal) 0xdf6 0x415234 0x1cee4 0x1cee4
(by ordinal) 0x47a 0x415238 0x1cee8 0x1cee8
(by ordinal) 0x1847 0x41523c 0x1ceec 0x1ceec
(by ordinal) 0x299 0x415240 0x1cef0 0x1cef0
(by ordinal) 0x7bb 0x415244 0x1cef4 0x1cef4
(by ordinal) 0x161 0x415248 0x1cef8 0x1cef8
(by ordinal) 0x17f8 0x41524c 0x1cefc 0x1cefc
(by ordinal) 0x17fc 0x415250 0x1cf00 0x1cf00
(by ordinal) 0x217 0x415254 0x1cf04 0x1cf04
(by ordinal) 0x1adc 0x415258 0x1cf08 0x1cf08
(by ordinal) 0x3ab 0x41525c 0x1cf0c 0x1cf0c
(by ordinal) 0x3ad 0x415260 0x1cf10 0x1cf10
(by ordinal) 0x10b6 0x415264 0x1cf14 0x1cf14
(by ordinal) 0x155 0x415268 0x1cf18 0x1cf18
(by ordinal) 0xb9b 0x41526c 0x1cf1c 0x1cf1c
(by ordinal) 0x167f 0x415270 0x1cf20 0x1cf20
(by ordinal) 0x1830 0x415274 0x1cf24 0x1cf24
(by ordinal) 0x167c 0x415278 0x1cf28 0x1cf28
(by ordinal) 0x182a 0x41527c 0x1cf2c 0x1cf2c
(by ordinal) 0x10ea 0x415280 0x1cf30 0x1cf30
(by ordinal) 0x182d 0x415284 0x1cf34 0x1cf34
(by ordinal) 0x1785 0x415288 0x1cf38 0x1cf38
(by ordinal) 0x16f1 0x41528c 0x1cf3c 0x1cf3c
(by ordinal) 0x16a2 0x415290 0x1cf40 0x1cf40
(by ordinal) 0x162e 0x415294 0x1cf44 0x1cf44
(by ordinal) 0x1668 0x415298 0x1cf48 0x1cf48
(by ordinal) 0x15cb 0x41529c 0x1cf4c 0x1cf4c
(by ordinal) 0x15c3 0x4152a0 0x1cf50 0x1cf50
(by ordinal) 0x17ad 0x4152a4 0x1cf54 0x1cf54
(by ordinal) 0x16e8 0x4152a8 0x1cf58 0x1cf58
(by ordinal) 0xe0c 0x4152ac 0x1cf5c 0x1cf5c
(by ordinal) 0xdf3 0x4152b0 0x1cf60 0x1cf60
(by ordinal) 0xed5 0x4152b4 0x1cf64 0x1cf64
(by ordinal) 0x94d 0x4152b8 0x1cf68 0x1cf68
(by ordinal) 0xac2 0x4152bc 0x1cf6c 0x1cf6c
(by ordinal) 0x1832 0x4152c0 0x1cf70 0x1cf70
(by ordinal) 0x1a4e 0x4152c4 0x1cf74 0x1cf74
(by ordinal) 0x181a 0x4152c8 0x1cf78 0x1cf78
(by ordinal) 0xe7a 0x4152cc 0x1cf7c 0x1cf7c
(by ordinal) 0x1695 0x4152d0 0x1cf80 0x1cf80
(by ordinal) 0xb02 0x4152d4 0x1cf84 0x1cf84
(by ordinal) 0x942 0x4152d8 0x1cf88 0x1cf88
(by ordinal) 0x8f1 0x4152dc 0x1cf8c 0x1cf8c
(by ordinal) 0x121 0x4152e0 0x1cf90 0x1cf90
(by ordinal) 0x265 0x4152e4 0x1cf94 0x1cf94
(by ordinal) 0xb2c 0x4152e8 0x1cf98 0x1cf98
(by ordinal) 0x10bc 0x4152ec 0x1cf9c 0x1cf9c
(by ordinal) 0xf22 0x4152f0 0x1cfa0 0x1cfa0
(by ordinal) 0x1d6 0x4152f4 0x1cfa4 0x1cfa4
(by ordinal) 0x169d 0x4152f8 0x1cfa8 0x1cfa8
(by ordinal) 0x16f3 0x4152fc 0x1cfac 0x1cfac
(by ordinal) 0x181c 0x415300 0x1cfb0 0x1cfb0
(by ordinal) 0x2f3 0x415304 0x1cfb4 0x1cfb4
(by ordinal) 0x1a07 0x415308 0x1cfb8 0x1cfb8
(by ordinal) 0xb30 0x41530c 0x1cfbc 0x1cfbc
(by ordinal) 0x10b3 0x415310 0x1cfc0 0x1cfc0
(by ordinal) 0x21c 0x415314 0x1cfc4 0x1cfc4
(by ordinal) 0x35c 0x415318 0x1cfc8 0x1cfc8
(by ordinal) 0x35a 0x41531c 0x1cfcc 0x1cfcc
(by ordinal) 0x31b 0x415320 0x1cfd0 0x1cfd0
(by ordinal) 0xe89 0x415324 0x1cfd4 0x1cfd4
(by ordinal) 0xa52 0x415328 0x1cfd8 0x1cfd8
(by ordinal) 0xf9e 0x41532c 0x1cfdc 0x1cfdc
(by ordinal) 0xce5 0x415330 0x1cfe0 0x1cfe0
(by ordinal) 0x11b 0x415334 0x1cfe4 0x1cfe4
(by ordinal) 0x169b 0x415338 0x1cfe8 0x1cfe8
(by ordinal) 0x117c 0x41533c 0x1cfec 0x1cfec
(by ordinal) 0xc11 0x415340 0x1cff0 0x1cff0
(by ordinal) 0x669 0x415344 0x1cff4 0x1cff4
(by ordinal) 0xf9c 0x415348 0x1cff8 0x1cff8
(by ordinal) 0x96e 0x41534c 0x1cffc 0x1cffc
(by ordinal) 0x628 0x415350 0x1d000 0x1d000
(by ordinal) 0x268 0x415354 0x1d004 0x1d004
(by ordinal) 0xe4f 0x415358 0x1d008 0x1d008
(by ordinal) 0xe2a 0x41535c 0x1d00c 0x1d00c
(by ordinal) 0x2b5 0x415360 0x1d010 0x1d010
(by ordinal) 0xe38 0x415364 0x1d014 0x1d014
(by ordinal) 0xd2a 0x415368 0x1d018 0x1d018
(by ordinal) 0x1132 0x41536c 0x1d01c 0x1d01c
(by ordinal) 0xa16 0x415370 0x1d020 0x1d020
(by ordinal) 0xdfe 0x415374 0x1d024 0x1d024
(by ordinal) 0x112e 0x415378 0x1d028 0x1d028
(by ordinal) 0xa12 0x41537c 0x1d02c 0x1d02c
(by ordinal) 0x107a 0x415380 0x1d030 0x1d030
(by ordinal) 0x7e7 0x415384 0x1d034 0x1d034
(by ordinal) 0x96b 0x415388 0x1d038 0x1d038
(by ordinal) 0xdf5 0x41538c 0x1d03c 0x1d03c
(by ordinal) 0xe23 0x415390 0x1d040 0x1d040
(by ordinal) 0x337 0x415394 0x1d044 0x1d044
(by ordinal) 0xc14 0x415398 0x1d048 0x1d048
(by ordinal) 0x1837 0x41539c 0x1d04c 0x1d04c
(by ordinal) 0x1118 0x4153a0 0x1d050 0x1d050
(by ordinal) 0x1935 0x4153a4 0x1d054 0x1d054
(by ordinal) 0x39c 0x4153a8 0x1d058 0x1d058
(by ordinal) 0x4b0 0x4153ac 0x1d05c 0x1d05c
(by ordinal) 0x320 0x4153b0 0x1d060 0x1d060
(by ordinal) 0x94b 0x4153b4 0x1d064 0x1d064
(by ordinal) 0x14a0 0x4153b8 0x1d068 0x1d068
(by ordinal) 0x1266 0x4153bc 0x1d06c 0x1d06c
(by ordinal) 0x219 0x4153c0 0x1d070 0x1d070
(by ordinal) 0x108a 0x4153c4 0x1d074 0x1d074
(by ordinal) 0x8fe 0x4153c8 0x1d078 0x1d078
(by ordinal) 0x2fd 0x4153cc 0x1d07c 0x1d07c
(by ordinal) 0x339 0x4153d0 0x1d080 0x1d080
(by ordinal) 0x144 0x4153d4 0x1d084 0x1d084
(by ordinal) 0x237 0x4153d8 0x1d088 0x1d088
(by ordinal) 0x281 0x4153dc 0x1d08c 0x1d08c
(by ordinal) 0xe72 0x4153e0 0x1d090 0x1d090
(by ordinal) 0x1148 0x4153e4 0x1d094 0x1d094
(by ordinal) 0x1213 0x4153e8 0x1d098 0x1d098
(by ordinal) 0xff0 0x4153ec 0x1d09c 0x1d09c
(by ordinal) 0xc07 0x4153f0 0x1d0a0 0x1d0a0
(by ordinal) 0xef1 0x4153f4 0x1d0a4 0x1d0a4
(by ordinal) 0xef7 0x4153f8 0x1d0a8 0x1d0a8
(by ordinal) 0xef6 0x4153fc 0x1d0ac 0x1d0ac
(by ordinal) 0xd4a 0x415400 0x1d0b0 0x1d0b0
(by ordinal) 0xba0 0x415404 0x1d0b4 0x1d0b4
(by ordinal) 0xc09 0x415408 0x1d0b8 0x1d0b8
(by ordinal) 0xba9 0x41540c 0x1d0bc 0x1d0bc
(by ordinal) 0xcbe 0x415410 0x1d0c0 0x1d0c0
(by ordinal) 0xc40 0x415414 0x1d0c4 0x1d0c4
(by ordinal) 0x1171 0x415418 0x1d0c8 0x1d0c8
(by ordinal) 0xcbb 0x41541c 0x1d0cc 0x1d0cc
(by ordinal) 0xc4b 0x415420 0x1d0d0 0x1d0d0
(by ordinal) 0xba6 0x415424 0x1d0d4 0x1d0d4
(by ordinal) 0x149d 0x415428 0x1d0d8 0x1d0d8
(by ordinal) 0x84c 0x41542c 0x1d0dc 0x1d0dc
(by ordinal) 0x98e 0x415430 0x1d0e0 0x1d0e0
(by ordinal) 0x148d 0x415434 0x1d0e4 0x1d0e4
(by ordinal) 0x6bf 0x415438 0x1d0e8 0x1d0e8
(by ordinal) 0x13c9 0x41543c 0x1d0ec 0x1d0ec
(by ordinal) 0xea5 0x415440 0x1d0f0 0x1d0f0
(by ordinal) 0x18e8 0x415444 0x1d0f4 0x1d0f4
(by ordinal) 0x807 0x415448 0x1d0f8 0x1d0f8
(by ordinal) 0xa58 0x41544c 0x1d0fc 0x1d0fc
(by ordinal) 0x1159 0x415450 0x1d100 0x1d100
(by ordinal) 0x12e5 0x415454 0x1d104 0x1d104
(by ordinal) 0xed6 0x415458 0x1d108 0x1d108
(by ordinal) 0x14aa 0x41545c 0x1d10c 0x1d10c
(by ordinal) 0x1101 0x415460 0x1d110 0x1d110
(by ordinal) 0x18e6 0x415464 0x1d114 0x1d114
(by ordinal) 0x142b 0x415468 0x1d118 0x1d118
(by ordinal) 0x951 0x41546c 0x1d11c 0x1d11c
(by ordinal) 0x1479 0x415470 0x1d120 0x1d120
(by ordinal) 0x1137 0x415474 0x1d124 0x1d124
(by ordinal) 0x6f0 0x415478 0x1d128 0x1d128
(by ordinal) 0xfee 0x41547c 0x1d12c 0x1d12c
(by ordinal) 0x17a7 0x415480 0x1d130 0x1d130
(by ordinal) 0xe0d 0x415484 0x1d134 0x1d134
(by ordinal) 0x1149 0x415488 0x1d138 0x1d138
(by ordinal) 0x6ef 0x41548c 0x1d13c 0x1d13c
(by ordinal) 0x17a4 0x415490 0x1d140 0x1d140
(by ordinal) 0x9d2 0x415494 0x1d144 0x1d144
(by ordinal) 0x1386 0x415498 0x1d148 0x1d148
(by ordinal) 0x12f5 0x41549c 0x1d14c 0x1d14c
(by ordinal) 0x28e 0x4154a0 0x1d150 0x1d150
(by ordinal) 0x1491 0x4154a4 0x1d154 0x1d154
MSVCRT.dll (58)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_XcptFilter 0x0 0x4154d8 0x1d188 0x1d188
_exit 0x0 0x4154dc 0x1d18c 0x1d18c
??1type_info@@UAE@XZ 0x0 0x4154e0 0x1d190 0x1d190
_onexit 0x0 0x4154e4 0x1d194 0x1d194
__dllonexit 0x0 0x4154e8 0x1d198 0x1d198
realloc 0x0 0x4154ec 0x1d19c 0x1d19c
exit 0x0 0x4154f0 0x1d1a0 0x1d1a0
_mbsstr 0x0 0x4154f4 0x1d1a4 0x1d1a4
_setmbcp 0x0 0x4154f8 0x1d1a8 0x1d1a8
_strnicmp 0x0 0x4154fc 0x1d1ac 0x1d1ac
_wcsnicmp 0x0 0x415500 0x1d1b0 0x1d1b0
_wcsicmp 0x0 0x415504 0x1d1b4 0x1d1b4
_acmdln 0x0 0x415508 0x1d1b8 0x1d1b8
__getmainargs 0x0 0x41550c 0x1d1bc 0x1d1bc
_initterm 0x0 0x415510 0x1d1c0 0x1d1c0
__setusermatherr 0x0 0x415514 0x1d1c4 0x1d1c4
_adjust_fdiv 0x0 0x415518 0x1d1c8 0x1d1c8
__p__commode 0x0 0x41551c 0x1d1cc 0x1d1cc
__p__fmode 0x0 0x415520 0x1d1d0 0x1d1d0
__set_app_type 0x0 0x415524 0x1d1d4 0x1d1d4
_controlfp 0x0 0x415528 0x1d1d8 0x1d1d8
__CxxFrameHandler 0x0 0x41552c 0x1d1dc 0x1d1dc
fclose 0x0 0x415530 0x1d1e0 0x1d1e0
fread 0x0 0x415534 0x1d1e4 0x1d1e4
fopen 0x0 0x415538 0x1d1e8 0x1d1e8
sprintf 0x0 0x41553c 0x1d1ec 0x1d1ec
rand 0x0 0x415540 0x1d1f0 0x1d1f0
fwrite 0x0 0x415544 0x1d1f4 0x1d1f4
time 0x0 0x415548 0x1d1f8 0x1d1f8
srand 0x0 0x41554c 0x1d1fc 0x1d1fc
wcscpy 0x0 0x415550 0x1d200 0x1d200
wcscat 0x0 0x415554 0x1d204 0x1d204
wcslen 0x0 0x415558 0x1d208 0x1d208
_ftol 0x0 0x41555c 0x1d20c 0x1d20c
_except_handler3 0x0 0x415560 0x1d210 0x1d210
_local_unwind2 0x0 0x415564 0x1d214 0x1d214
wcsrchr 0x0 0x415568 0x1d218 0x1d218
wcscmp 0x0 0x41556c 0x1d21c 0x1d21c
swprintf 0x0 0x415570 0x1d220 0x1d220
wcsstr 0x0 0x415574 0x1d224 0x1d224
fgets 0x0 0x415578 0x1d228 0x1d228
malloc 0x0 0x41557c 0x1d22c 0x1d22c
calloc 0x0 0x415580 0x1d230 0x1d230
free 0x0 0x415584 0x1d234 0x1d234
_purecall 0x0 0x415588 0x1d238 0x1d238
memmove 0x0 0x41558c 0x1d23c 0x1d23c
strncpy 0x0 0x415590 0x1d240 0x1d240
_CxxThrowException 0x0 0x415594 0x1d244 0x1d244
??0exception@@QAE@ABQBD@Z 0x0 0x415598 0x1d248 0x1d248
??1exception@@UAE@XZ 0x0 0x41559c 0x1d24c 0x1d24c
??0exception@@QAE@ABV0@@Z 0x0 0x4155a0 0x1d250 0x1d250
strrchr 0x0 0x4155a4 0x1d254 0x1d254
__p___argc 0x0 0x4155a8 0x1d258 0x1d258
__p___argv 0x0 0x4155ac 0x1d25c 0x1d25c
_mbscmp 0x0 0x4155b0 0x1d260 0x1d260
strncmp 0x0 0x4155b4 0x1d264 0x1d264
sscanf 0x0 0x4155b8 0x1d268 0x1d268
strtok 0x0 0x4155bc 0x1d26c 0x1d26c
KERNEL32.dll (59)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GlobalFree 0x0 0x415084 0x1cd34 0x1cd34
GetTickCount 0x0 0x415088 0x1cd38 0x1cd38
CreateProcessA 0x0 0x41508c 0x1cd3c 0x1cd3c
TerminateProcess 0x0 0x415090 0x1cd40 0x1cd40
GetExitCodeProcess 0x0 0x415094 0x1cd44 0x1cd44
WaitForSingleObject 0x0 0x415098 0x1cd48 0x1cd48
TerminateThread 0x0 0x41509c 0x1cd4c 0x1cd4c
CloseHandle 0x0 0x4150a0 0x1cd50 0x1cd50
GetFileAttributesA 0x0 0x4150a4 0x1cd54 0x1cd54
DeleteFileA 0x0 0x4150a8 0x1cd58 0x1cd58
CreateThread 0x0 0x4150ac 0x1cd5c 0x1cd5c
SystemTimeToTzSpecificLocalTime 0x0 0x4150b0 0x1cd60 0x1cd60
GetTimeZoneInformation 0x0 0x4150b4 0x1cd64 0x1cd64
CopyFileW 0x0 0x4150b8 0x1cd68 0x1cd68
CreateDirectoryA 0x0 0x4150bc 0x1cd6c 0x1cd6c
GetProcAddress 0x0 0x4150c0 0x1cd70 0x1cd70
CopyFileA 0x0 0x4150c4 0x1cd74 0x1cd74
GetComputerNameA 0x0 0x4150c8 0x1cd78 0x1cd78
SystemTimeToFileTime 0x0 0x4150cc 0x1cd7c 0x1cd7c
LocalFileTimeToFileTime 0x0 0x4150d0 0x1cd80 0x1cd80
GetModuleHandleA 0x0 0x4150d4 0x1cd84 0x1cd84
GetStartupInfoA 0x0 0x4150d8 0x1cd88 0x1cd88
LoadLibraryA 0x0 0x4150dc 0x1cd8c 0x1cd8c
GlobalAlloc 0x0 0x4150e0 0x1cd90 0x1cd90
SetCurrentDirectoryA 0x0 0x4150e4 0x1cd94 0x1cd94
GetCurrentDirectoryA 0x0 0x4150e8 0x1cd98 0x1cd98
SetFileTime 0x0 0x4150ec 0x1cd9c 0x1cd9c
SetFilePointerEx 0x0 0x4150f0 0x1cda0 0x1cda0
SetEndOfFile 0x0 0x4150f4 0x1cda4 0x1cda4
SetFilePointer 0x0 0x4150f8 0x1cda8 0x1cda8
GetFileTime 0x0 0x4150fc 0x1cdac 0x1cdac
MultiByteToWideChar 0x0 0x415100 0x1cdb0 0x1cdb0
FindClose 0x0 0x415104 0x1cdb4 0x1cdb4
FindNextFileW 0x0 0x415108 0x1cdb8 0x1cdb8
GetFileAttributesW 0x0 0x41510c 0x1cdbc 0x1cdbc
FindFirstFileW 0x0 0x415110 0x1cdc0 0x1cdc0
CreateFileA 0x0 0x415114 0x1cdc4 0x1cdc4
GetExitCodeThread 0x0 0x415118 0x1cdc8 0x1cdc8
GlobalUnlock 0x0 0x41511c 0x1cdcc 0x1cdcc
GlobalLock 0x0 0x415120 0x1cdd0 0x1cdd0
WideCharToMultiByte 0x0 0x415124 0x1cdd4 0x1cdd4
GetDiskFreeSpaceExW 0x0 0x415128 0x1cdd8 0x1cdd8
GetDriveTypeW 0x0 0x41512c 0x1cddc 0x1cddc
GetLogicalDrives 0x0 0x415130 0x1cde0 0x1cde0
FindNextFileA 0x0 0x415134 0x1cde4 0x1cde4
FindFirstFileA 0x0 0x415138 0x1cde8 0x1cde8
InitializeCriticalSection 0x0 0x41513c 0x1cdec 0x1cdec
DeleteCriticalSection 0x0 0x415140 0x1cdf0 0x1cdf0
ReadFile 0x0 0x415144 0x1cdf4 0x1cdf4
GetFileSize 0x0 0x415148 0x1cdf8 0x1cdf8
WriteFile 0x0 0x41514c 0x1cdfc 0x1cdfc
LeaveCriticalSection 0x0 0x415150 0x1ce00 0x1ce00
EnterCriticalSection 0x0 0x415154 0x1ce04 0x1ce04
Sleep 0x0 0x415158 0x1ce08 0x1ce08
ExitProcess 0x0 0x41515c 0x1ce0c 0x1ce0c
GetModuleFileNameA 0x0 0x415160 0x1ce10 0x1ce10
GetTempFileNameA 0x0 0x415164 0x1ce14 0x1ce14
GetUserDefaultLangID 0x0 0x415168 0x1ce18 0x1ce18
GetLocaleInfoA 0x0 0x41516c 0x1ce1c 0x1ce1c
USER32.dll (35)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
BringWindowToTop 0x0 0x4155dc 0x1d28c 0x1d28c
GrayStringA 0x0 0x4155e0 0x1d290 0x1d290
DrawTextA 0x0 0x4155e4 0x1d294 0x1d294
TabbedTextOutA 0x0 0x4155e8 0x1d298 0x1d298
SetActiveWindow 0x0 0x4155ec 0x1d29c 0x1d29c
GetSysColor 0x0 0x4155f0 0x1d2a0 0x1d2a0
ShowWindow 0x0 0x4155f4 0x1d2a4 0x1d2a4
SystemParametersInfoW 0x0 0x4155f8 0x1d2a8 0x1d2a8
IsIconic 0x0 0x4155fc 0x1d2ac 0x1d2ac
GetSystemMetrics 0x0 0x415600 0x1d2b0 0x1d2b0
SetFocus 0x0 0x415604 0x1d2b4 0x1d2b4
SetForegroundWindow 0x0 0x415608 0x1d2b8 0x1d2b8
OffsetRect 0x0 0x41560c 0x1d2bc 0x1d2bc
SetWindowPos 0x0 0x415610 0x1d2c0 0x1d2c0
DrawIcon 0x0 0x415614 0x1d2c4 0x1d2c4
SetWindowTextW 0x0 0x415618 0x1d2c8 0x1d2c8
LoadIconA 0x0 0x41561c 0x1d2cc 0x1d2cc
FindWindowW 0x0 0x415620 0x1d2d0 0x1d2d0
wsprintfA 0x0 0x415624 0x1d2d4 0x1d2d4
SystemParametersInfoA 0x0 0x415628 0x1d2d8 0x1d2d8
SetTimer 0x0 0x41562c 0x1d2dc 0x1d2dc
SendMessageA 0x0 0x415630 0x1d2e0 0x1d2e0
FillRect 0x0 0x415634 0x1d2e4 0x1d2e4
RedrawWindow 0x0 0x415638 0x1d2e8 0x1d2e8
InvalidateRect 0x0 0x41563c 0x1d2ec 0x1d2ec
SetCursor 0x0 0x415640 0x1d2f0 0x1d2f0
GetParent 0x0 0x415644 0x1d2f4 0x1d2f4
LoadCursorA 0x0 0x415648 0x1d2f8 0x1d2f8
OpenClipboard 0x0 0x41564c 0x1d2fc 0x1d2fc
EmptyClipboard 0x0 0x415650 0x1d300 0x1d300
SetClipboardData 0x0 0x415654 0x1d304 0x1d304
CloseClipboard 0x0 0x415658 0x1d308 0x1d308
GetClientRect 0x0 0x41565c 0x1d30c 0x1d30c
KillTimer 0x0 0x415660 0x1d310 0x1d310
EnableWindow 0x0 0x415664 0x1d314 0x1d314
GDI32.dll (19)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ExtTextOutA 0x0 0x415034 0x1cce4 0x1cce4
TextOutA 0x0 0x415038 0x1cce8 0x1cce8
RectVisible 0x0 0x41503c 0x1ccec 0x1ccec
PtVisible 0x0 0x415040 0x1ccf0 0x1ccf0
CreateCompatibleBitmap 0x0 0x415044 0x1ccf4 0x1ccf4
CreateRectRgn 0x0 0x415048 0x1ccf8 0x1ccf8
GetWindowOrgEx 0x0 0x41504c 0x1ccfc 0x1ccfc
GetViewportOrgEx 0x0 0x415050 0x1cd00 0x1cd00
GetDeviceCaps 0x0 0x415054 0x1cd04 0x1cd04
CreateCompatibleDC 0x0 0x415058 0x1cd08 0x1cd08
BitBlt 0x0 0x41505c 0x1cd0c 0x1cd0c
DeleteObject 0x0 0x415060 0x1cd10 0x1cd10
GetTextExtentPoint32A 0x0 0x415064 0x1cd14 0x1cd14
GetObjectA 0x0 0x415068 0x1cd18 0x1cd18
CreateFontIndirectA 0x0 0x41506c 0x1cd1c 0x1cd1c
PatBlt 0x0 0x415070 0x1cd20 0x1cd20
CreateSolidBrush 0x0 0x415074 0x1cd24 0x1cd24
CreateFontA 0x0 0x415078 0x1cd28 0x1cd28
Escape 0x0 0x41507c 0x1cd2c 0x1cd2c
ADVAPI32.dll (9)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegQueryValueExA 0x0 0x415000 0x1ccb0 0x1ccb0
GetUserNameA 0x0 0x415004 0x1ccb4 0x1ccb4
CryptReleaseContext 0x0 0x415008 0x1ccb8 0x1ccb8
RegSetValueExA 0x0 0x41500c 0x1ccbc 0x1ccbc
RegCreateKeyW 0x0 0x415010 0x1ccc0 0x1ccc0
RegCloseKey 0x0 0x415014 0x1ccc4 0x1ccc4
AllocateAndInitializeSid 0x0 0x415018 0x1ccc8 0x1ccc8
CheckTokenMembership 0x0 0x41501c 0x1cccc 0x1cccc
FreeSid 0x0 0x415020 0x1ccd0 0x1ccd0
SHELL32.dll (3)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ShellExecuteA 0x0 0x4155cc 0x1d27c 0x1d27c
ShellExecuteExA 0x0 0x4155d0 0x1d280 0x1d280
SHGetFolderPathW 0x0 0x4155d4 0x1d284 0x1d284
COMCTL32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_TrackMouseEvent 0x0 0x415028 0x1ccd8 0x1ccd8
(by ordinal) 0x8 0x41502c 0x1ccdc 0x1ccdc
OLEAUT32.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VariantTimeToSystemTime 0xb9 0x4155c4 0x1d274 0x1d274
urlmon.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
URLDownloadToFileA 0x0 0x4156bc 0x1d36c 0x1d36c
MSVCP60.dll (10)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ 0x0 0x4154ac 0x1d15c 0x1d15c
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z 0x0 0x4154b0 0x1d160 0x1d160
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z 0x0 0x4154b4 0x1d164 0x1d164
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z 0x0 0x4154b8 0x1d168 0x1d168
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z 0x0 0x4154bc 0x1d16c 0x1d16c
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ 0x0 0x4154c0 0x1d170 0x1d170
?_Xran@std@@YAXXZ 0x0 0x4154c4 0x1d174 0x1d174
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB 0x0 0x4154c8 0x1d178 0x1d178
?_Xlen@std@@YAXXZ 0x0 0x4154cc 0x1d17c 0x1d17c
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB 0x0 0x4154d0 0x1d180 0x1d180
WS2_32.dll (17)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
select 0x12 0x415674 0x1d324 0x1d324
connect 0x4 0x415678 0x1d328 0x1d328
ioctlsocket 0xa 0x41567c 0x1d32c 0x1d32c
bind 0x2 0x415680 0x1d330 0x1d330
socket 0x17 0x415684 0x1d334 0x1d334
htons 0x9 0x415688 0x1d338 0x1d338
gethostbyname 0x34 0x41568c 0x1d33c 0x1d33c
inet_addr 0xb 0x415690 0x1d340 0x1d340
__WSAFDIsSet 0x97 0x415694 0x1d344 0x1d344
WSAGetLastError 0x6f 0x415698 0x1d348 0x1d348
shutdown 0x16 0x41569c 0x1d34c 0x1d34c
send 0x13 0x4156a0 0x1d350 0x1d350
recv 0x10 0x4156a4 0x1d354 0x1d354
setsockopt 0x15 0x4156a8 0x1d358 0x1d358
WSAStartup 0x73 0x4156ac 0x1d35c 0x1d35c
inet_ntoa 0xc 0x4156b0 0x1d360 0x1d360
closesocket 0x3 0x4156b4 0x1d364 0x1d364
WININET.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DeleteUrlCacheEntry 0x0 0x41566c 0x1d31c 0x1d31c
Icons (3)
+
Icon Icon Icon
c:\programdata\qxtqusdnjzrizx418\c.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\c.wnry (Created File)
Size 0.76 KB (780 bytes)
Hash Values MD5: 8124a611153cd3aceb85a7ac58eaa25d
SHA1: c1d5cd8774261d810dca9b6a8e478d01cd4995d6
SHA256: 0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e
Actions
c:\programdata\qxtqusdnjzrizx418\00000000.pky
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\00000000.pky (Created File)
Size 0.27 KB (276 bytes)
Hash Values MD5: c65cd5243e61572568ee2734832269ca
SHA1: 2e60cb6febfa6ef982b8688f35394930a37a9b33
SHA256: 8af6fa9d5c84effc0750fb63c5c647c40652bdb6f0e3ed7c772c543256b62ddc
Actions
c:\programdata\qxtqusdnjzrizx418\00000000.res
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\00000000.res (Created File)
Size 0.13 KB (136 bytes)
Hash Values MD5: f4774cee1d903fe496a65a20e25e2526
SHA1: e7bb9c2daf8f9ce6e73b46b4e1169f1832ce855d
SHA256: 504dd383ab440e1978b0f59a4046feaa06eefbdf29abdc30dfff1f7f5ea488ab
Actions
c:\programdata\qxtqusdnjzrizx418\00000000.res
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\00000000.res (Created File)
Size 0.13 KB (136 bytes)
Hash Values MD5: b62e5cd65ff0cfd7005629cc01a6bed2
SHA1: 0e301c6876e4d84a47cfd259bab12b3ae80ca17b
SHA256: 28c0beeb1d6405d223b5c64684a18663aff9e82643e93cde1a26939a157c0542
Actions
c:\programdata\qxtqusdnjzrizx418\29121494860050.bat
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\29121494860050.bat (Created File)
Size 0.33 KB (338 bytes)
Hash Values MD5: ae6ebda4ab7f0b299a6509d4a01b4ec3
SHA1: d81627bc1826d2a35631fb8f49428780037a6941
SHA256: 680261f622218754b126f3f21ec64aab7dbcca2e62dabd10e2b0967c35f694b1
Actions
c:\programdata\qxtqusdnjzrizx418\@please_read_me@.txt, ...
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\@please_read_me@.txt (Created File)
c:\users\dssdpmx042\desktop\@please_read_me@.txt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\@please_read_me@.txt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\@please_read_me@.txt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\@please_read_me@.txt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\@please_read_me@.txt (Created File)
c:\users\dssdpmx042\documents\@please_read_me@.txt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\@please_read_me@.txt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\@please_read_me@.txt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\@please_read_me@.txt (Created File)
c:\@please_read_me@.txt (Created File)
c:\system volume information\@please_read_me@.txt (Created File)
c:\programdata\microsoft\user account pictures\@please_read_me@.txt (Created File)
c:\programdata\microsoft\user account pictures\default pictures\@please_read_me@.txt (Created File)
c:\programdata\microsoft\windows\caches\@please_read_me@.txt (Created File)
c:\programdata\microsoft\windows\ringtones\@please_read_me@.txt (Created File)
c:\programdata\microsoft\windows nt\msscan\@please_read_me@.txt (Created File)
Size 0.91 KB (933 bytes)
Hash Values MD5: 7a2726bb6e6a79fb1d092b7f2b688af0
SHA1: b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256: 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
Actions
c:\users\dssdpmx042\desktop\bibagpmyuse2qjdfr.jpg.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\bibagpmyuse2qjdfr.jpg.wncryt (Created File)
c:\users\dssdpmx042\desktop\bibagpmyuse2qjdfr.jpg.wncry (Created File)
Size 11.09 KB (11352 bytes)
Hash Values MD5: da73798452b7fba062b913ecd37286d9
SHA1: 09e66ad856a76c12806015851eef0765bc3dea89
SHA256: 256d273f5d6539d8db02951fde28b43d616167b1a89a2f1ef79e5b7850d374ba
Actions
c:\programdata\qxtqusdnjzrizx418\m.vbs
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\m.vbs (Created File)
Size 0.05 KB (48 bytes)
Hash Values MD5: c493292036ec198d49523464555aedde
SHA1: 25d640988d41fc2d046f9722ed79fde7a54575fd
SHA256: 02befd86643a4f4a40116c2ad0dce064a070e17512f989c3b88b0df0fc3a905f
Actions
c:\programdata\qxtqusdnjzrizx418\m.vbs
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\m.vbs (Created File)
Size 0.13 KB (136 bytes)
Hash Values MD5: 37e02a954d2b611c297682d51ffbcb52
SHA1: 2d2e31672be300dff53face6ef8bcc8ad327f426
SHA256: 16fa7eb4e3d014c2173b044ca8c32226aaa1bb1090749061ed68a5f1abd38c87
Actions
c:\programdata\qxtqusdnjzrizx418\m.vbs
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\m.vbs (Created File)
Size 0.20 KB (208 bytes)
Hash Values MD5: 620d64377f6ff4419bea5ff1d9dd94f3
SHA1: 0a38dfef93d6e73014a518e140f44065bb27d8c7
SHA256: 4c8698e64e19c1cc1bcbc19541175bda82ccd56585147d63e9a850b559d2107c
Actions
c:\users\dssdpmx042\desktop\bibagpmyuse2qjdfr.jpg, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\bibagpmyuse2qjdfr.jpg (Modified File)
c:\windows\temp\0.wncryt (Created File)
Size 10.80 KB (11064 bytes)
Hash Values MD5: 3ee5779625d0b97294ef36b70e58d188
SHA1: 50b0e20b07ab0da1577e48e998371e065d3f4efe
SHA256: 62ac5cf20020f5c7571e14951c094d8dbf38e3f38f88f5139dca393d465b66fc
Actions
c:\users\dssdpmx042\desktop\h yrmf.docx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\h yrmf.docx.wncryt (Created File)
c:\users\dssdpmx042\desktop\h yrmf.docx.wncry (Created File)
Size 22.27 KB (22808 bytes)
Hash Values MD5: d905808e8ea2e805e6b416d70d608d48
SHA1: e7b7c3cbd769eb79150298bfccab1310fcd35e1a
SHA256: 83a8094789c016d13b8a78da188d017f0106e42da605cd3ac8d3882155a51c22
Actions
c:\programdata\qxtqusdnjzrizx418\m.vbs
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\m.vbs (Created File)
Size 0.21 KB (217 bytes)
Hash Values MD5: 842b0b90740485898b4d9e4509c1b94c
SHA1: ed4387eeb836e971faa7ea06f0cdcde532f97ff2
SHA256: 1e68e9bda8ff0de0308ec19ec061fabc13b6571c57c9001718871a5a98cbb734
Actions
c:\users\dssdpmx042\desktop\h yrmf.docx, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\h yrmf.docx (Modified File)
c:\windows\temp\1.wncryt (Created File)
Size 22.00 KB (22528 bytes)
Hash Values MD5: fb02e68d70109055a2fdc2864a842ec1
SHA1: 255a1cb6178d17fe92698ecea790a7537c7dcab8
SHA256: 9624a1ba5c11e599567f65dacbdccb22e4c9291bb1d190728cfc1c9d6760d4db
Actions
c:\users\dssdpmx042\desktop\hwef8jg56gk9dlonf.csv.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\hwef8jg56gk9dlonf.csv.wncryt (Created File)
c:\users\dssdpmx042\desktop\hwef8jg56gk9dlonf.csv.wncry (Created File)
Size 80.85 KB (82792 bytes)
Hash Values MD5: c2672dd7ed6ec9eab03386340c7a6f3b
SHA1: e02f3f0271f5b7a2d9641cf6d102da77f9e661ce
SHA256: f91df75053d0e25cab35b9e1d18f90c06c534a7f42d6a0c7b41ea3d34440adcd
Actions
c:\users\dssdpmx042\desktop\hwef8jg56gk9dlonf.csv, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\hwef8jg56gk9dlonf.csv (Modified File)
c:\windows\temp\2.wncryt (Created File)
Size 80.57 KB (82500 bytes)
Hash Values MD5: 2d4df96ed77e5804720bf44c5b83296f
SHA1: 893d2146aac383261db90d866285ba8000907782
SHA256: 7434969cbd8ecacb0a5d77b7b2485ec168d790b439436e37c1122e800acfa583
Actions
c:\users\dssdpmx042\desktop\lt4b3l1iwxyf2bnrt.xlsx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\lt4b3l1iwxyf2bnrt.xlsx.wncryt (Created File)
c:\users\dssdpmx042\desktop\lt4b3l1iwxyf2bnrt.xlsx.wncry (Created File)
Size 71.76 KB (73480 bytes)
Hash Values MD5: a6dd8e06654780956483155b8978d3b9
SHA1: 10d3576c3629eb2dcc107a704932f1f122845782
SHA256: c4a9dd89f615c007f3fc4e973151bde2641a97976c3aee52dbefa8477a79ce54
Actions
c:\users\dssdpmx042\desktop\lt4b3l1iwxyf2bnrt.xlsx, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\lt4b3l1iwxyf2bnrt.xlsx (Modified File)
c:\windows\temp\3.wncryt (Created File)
Size 71.48 KB (73192 bytes)
Hash Values MD5: 65d1857a5e2111f2e45cd54e164d806c
SHA1: 94bb2391424b2293c924f5601e4d477e3ca1a791
SHA256: 8599b28b4b11bc360f3d933a16937ed3a0c52670ae64570a13a044445ab1c461
Actions
c:\users\dssdpmx042\desktop\qb17mfblutnx_jw3.jpg.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\qb17mfblutnx_jw3.jpg.wncryt (Created File)
c:\users\dssdpmx042\desktop\qb17mfblutnx_jw3.jpg.wncry (Created File)
Size 40.27 KB (41240 bytes)
Hash Values MD5: fbfbc94fc6e4b8991ec3c3d1f0d2f24d
SHA1: f8b71fb844dad50980fe4a9dbd0103e51502d0b7
SHA256: 6e97389728e6d4a105bf9c6ad55b9c1d8a67b080aa3ee26e1e77f4b405faacff
Actions
c:\users\dssdpmx042\desktop\qb17mfblutnx_jw3.jpg, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\qb17mfblutnx_jw3.jpg (Modified File)
c:\windows\temp\4.wncryt (Created File)
Size 40.00 KB (40955 bytes)
Hash Values MD5: 56bb3ca495ede0e41b28ef34e5fa3541
SHA1: 9e6f4b185994384e27b9d14d2011c087650a844f
SHA256: 455c1ebe8caee4307b455527c737491a95467d5a393171975ff48903b6a010e0
Actions
c:\users\dssdpmx042\desktop\xirvpsv.pptx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\xirvpsv.pptx.wncryt (Created File)
c:\users\dssdpmx042\desktop\xirvpsv.pptx.wncry (Created File)
Size 58.68 KB (60088 bytes)
Hash Values MD5: 6ffb6e3ba17774fc339b5a4fce9ecfc8
SHA1: 9e2d2bd67b9c9744cd436e5d782d934c5f2d25bc
SHA256: 83e55942a55f35ba23f9d39fa08f7128b913db96067dd2449bfcf27bdbdaa10d
Actions
c:\users\dssdpmx042\desktop\xirvpsv.pptx, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\xirvpsv.pptx (Modified File)
c:\windows\temp\5.wncryt (Created File)
Size 58.39 KB (59796 bytes)
Hash Values MD5: 168562728df92f9f114f162a2c2be5c1
SHA1: 88c110971e0ca431d3b6e391223de9557d3eeca2
SHA256: 814162cbe25d555db3be6fa5199c45850439b2ec94cdbf6787f8c3c2660a7451
Actions
c:\users\dssdpmx042\desktop\z89la7110x3isdf6.doc.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\z89la7110x3isdf6.doc.wncryt (Created File)
c:\users\dssdpmx042\desktop\z89la7110x3isdf6.doc.wncry (Created File)
Size 36.18 KB (37048 bytes)
Hash Values MD5: 13b6e76d17664e4139909e5715759d72
SHA1: 099e59de271053fba210f46c16b2c13c0b2047e9
SHA256: edc3026ed54fcebe8f1c14bf9dcd39ce12211609f46e0ff094a94802b7a46cfa
Actions
c:\users\dssdpmx042\desktop\z89la7110x3isdf6.doc, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\z89la7110x3isdf6.doc (Modified File)
c:\windows\temp\6.wncryt (Created File)
Size 35.90 KB (36763 bytes)
Hash Values MD5: 229cad9ef4f5c6747fd250b1458bd034
SHA1: dbc6dfbf0dd5e22097dffb203d2605db109fc1a1
SHA256: 4069ed0b714f2ea93239f927a47d95582907538579f882a7d90694d824127b36
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\6pkpcf4uawtzg4xqlmdz.jpg.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\6pkpcf4uawtzg4xqlmdz.jpg.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\6pkpcf4uawtzg4xqlmdz.jpg.wncry (Created File)
Size 97.88 KB (100232 bytes)
Hash Values MD5: d84d799e738f66bfce9cde9b40a91260
SHA1: 77fc587cb2112358c1e092c8734b21c19bac7935
SHA256: 5e28b3b281e21be78021b437c4b34ed1515cff0b81a3721af41c1dd1d6e1e8f7
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\6pkpcf4uawtzg4xqlmdz.jpg, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\6pkpcf4uawtzg4xqlmdz.jpg (Modified File)
c:\windows\temp\7.wncryt (Created File)
Size 97.60 KB (99945 bytes)
Hash Values MD5: f3d712b3002d73584282c5fb6660ac20
SHA1: e455bc30d36a256c5fdb04edc5aba1bd173c3bab
SHA256: c842f219a72c51f09873e80ebb0d00bf7cad30bc7bb544335cc4b5bf29197a24
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yluqbrq8d4aff5hp.jpg.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yluqbrq8d4aff5hp.jpg.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yluqbrq8d4aff5hp.jpg.wncry (Created File)
Size 80.52 KB (82456 bytes)
Hash Values MD5: 36e3118e2afa6bfce7b6bfbc73f932d8
SHA1: 157aa2923213757beaf68ce4237ff888b58737f8
SHA256: 64c56afd39cd0bbefc9e10f60a890b1167a321df6f545e340101c41bc24cee71
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yluqbrq8d4aff5hp.jpg, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yluqbrq8d4aff5hp.jpg (Modified File)
c:\windows\temp\8.wncryt (Created File)
Size 80.25 KB (82176 bytes)
Hash Values MD5: 162c7b257c42dbc21a8bd44611b4f890
SHA1: 9f0230022addae5674f46bbac2de0c1329e775cc
SHA256: 6105ab2cd2eecf2a3d5940659c1296cefa36a11613781649c884878e871e38d4
Actions
c:\users\dssdpmx042\desktop\3kmod_2d6ued.swf.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\3kmod_2d6ued.swf.wncryt (Created File)
c:\users\dssdpmx042\desktop\3kmod_2d6ued.swf.wncry (Created File)
Size 85.85 KB (87912 bytes)
Hash Values MD5: 42017c1c061981b4ebc20902da1da1bb
SHA1: 7c4a69ebcadd3ea52fc99f9a806359f4e12c6370
SHA256: 418ee8a260e253bf75ec03d0814e7348dbdd71237edec560bd4e35ac5c5d5411
Actions
c:\users\dssdpmx042\desktop\3kmod_2d6ued.swf, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\3kmod_2d6ued.swf (Modified File)
c:\windows\temp\9.wncryt (Created File)
Size 85.57 KB (87623 bytes)
Hash Values MD5: 2e232a2cb31f0ad346bace764a90f286
SHA1: 259d85cb72d1d55a94b9d73bf02808f9cc14433f
SHA256: d0f454ea3954a6ac5f87f6fe880f52e18a1f4dce9a57837a73c371357c327b4e
Actions
c:\users\dssdpmx042\desktop\acndlsz4zhbdyziqkotj.mp3.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\acndlsz4zhbdyziqkotj.mp3.wncryt (Created File)
c:\users\dssdpmx042\desktop\acndlsz4zhbdyziqkotj.mp3.wncry (Created File)
Size 79.96 KB (81880 bytes)
Hash Values MD5: 4bd46bfbfee74c352c12f5a34a6fedf0
SHA1: 1e36078bbe9c22780cfc552c60c388756dfeb7ca
SHA256: 4a93d21635ff083cbde13e3d65fbe1645476c599fc9b66c414dfdca75aea8bea
Actions
c:\users\dssdpmx042\desktop\acndlsz4zhbdyziqkotj.mp3, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\acndlsz4zhbdyziqkotj.mp3 (Modified File)
c:\windows\temp\10.wncryt (Created File)
Size 79.68 KB (81590 bytes)
Hash Values MD5: 9b7567a7b3a8aea1171c7936a14c9e0e
SHA1: 46b0d934f3ac100d3c863c3644f3c9e1ab0cfcf0
SHA256: 14dae8125fdb52e782b6c1661e183af78b4faa950dbcea08e118f60f74b93893
Actions
c:\users\dssdpmx042\desktop\ajkh5gnvfe8rqzavym.png.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\ajkh5gnvfe8rqzavym.png.wncryt (Created File)
c:\users\dssdpmx042\desktop\ajkh5gnvfe8rqzavym.png.wncry (Created File)
Size 74.54 KB (76328 bytes)
Hash Values MD5: 8c663eca804cdd5a480bc4e979bf3750
SHA1: 90ba13476718190673f31eebca2c6c7ca7efc0d5
SHA256: 374122d65d1ae83cf168f24e9e5bab6501fe50d80036933962f18523427dbd7c
Actions
c:\users\dssdpmx042\desktop\ajkh5gnvfe8rqzavym.png, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\ajkh5gnvfe8rqzavym.png (Modified File)
c:\windows\temp\11.wncryt (Created File)
Size 74.26 KB (76047 bytes)
Hash Values MD5: 56ea97594d6c2f6213b3e64ef0fa4cc2
SHA1: 54ee47521257ba2f32ee5d6eeccfa9843e66a165
SHA256: 79525a1cd343565a2f8ab33b23fb28639ce8ad17f2bc2c8cfb7ad5bbd608217e
Actions
c:\users\dssdpmx042\desktop\blw7.png.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\blw7.png.wncryt (Created File)
c:\users\dssdpmx042\desktop\blw7.png.wncry (Created File)
Size 47.10 KB (48232 bytes)
Hash Values MD5: ab4509f821c27a880cf7feac0224a7d2
SHA1: 4d9318a4ecf0c3336c69983856278ed64443b818
SHA256: 2f9bdb8686832ca0e00fb01c38256d1efdcad25daf5b6627f1c170a04d2875d1
Actions
c:\users\dssdpmx042\desktop\blw7.png, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\blw7.png (Modified File)
c:\windows\temp\12.wncryt (Created File)
Size 46.82 KB (47942 bytes)
Hash Values MD5: bd4769ae3e4cb236a860e29f7836fb64
SHA1: 531c24517337a47a8da33a6d627b3c76398c05a6
SHA256: f0c5d1aa7cd41c15544b129cee6d3258eff376e76a801a9dd93bb2d8c9fad27d
Actions
c:\users\dssdpmx042\desktop\c9dt7ht6ochw_r.flv.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\c9dt7ht6ochw_r.flv.wncryt (Created File)
c:\users\dssdpmx042\desktop\c9dt7ht6ochw_r.flv.wncry (Created File)
Size 80.63 KB (82568 bytes)
Hash Values MD5: 76ddd940e7c32cc548fdab729abc0f48
SHA1: 94127bfbc185a21d98c217a251ec1f2dddc60fd6
SHA256: 384af03e528328c41049253d3ce218270fa1c30fc3d49cb52b906e2aa360e041
Actions
c:\users\dssdpmx042\desktop\c9dt7ht6ochw_r.flv, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\c9dt7ht6ochw_r.flv (Modified File)
c:\windows\temp\13.wncryt (Created File)
Size 80.34 KB (82273 bytes)
Hash Values MD5: bc7e247bfc57168fc6757cdc4938b441
SHA1: 3f39a1eca30cca1137515da61c6ae208e7b0a128
SHA256: 37504f9946f13630307035595dcfe41f15a815ed99bf0aae9709924fa999926a
Actions
c:\users\dssdpmx042\desktop\fycbs5cumf6dh_fs.ods.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\fycbs5cumf6dh_fs.ods.wncryt (Created File)
c:\users\dssdpmx042\desktop\fycbs5cumf6dh_fs.ods.wncry (Created File)
Size 15.26 KB (15624 bytes)
Hash Values MD5: 3a4985c992305883bf7b975e1d69f93c
SHA1: 5ba82c399772db385ea5dcb0444a092dffea7cc6
SHA256: 9ecf8c1e10ad2602e3c9730937582b0507979470ee1d9bbbd89fa3922102d656
Actions
c:\users\dssdpmx042\desktop\fycbs5cumf6dh_fs.ods, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\fycbs5cumf6dh_fs.ods (Modified File)
c:\windows\temp\14.wncryt (Created File)
Size 14.97 KB (15333 bytes)
Hash Values MD5: 6c6bb09c3adb2034ac6df04caa5df1f3
SHA1: 352737014f2e270bcbd94e2016a20eb04ab11cf5
SHA256: 72bcf456f67936bbcc54a981b8045ac0beaa3abf9e6cc523f2614dfa23a13b4f
Actions
c:\users\dssdpmx042\desktop\gfs3quzvztmy-jq6xox.bmp.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\gfs3quzvztmy-jq6xox.bmp.wncryt (Created File)
c:\users\dssdpmx042\desktop\gfs3quzvztmy-jq6xox.bmp.wncry (Created File)
Size 38.90 KB (39832 bytes)
Hash Values MD5: 69502155b2d8d433667fa4de8cf4c0f2
SHA1: 61ec970083abf70dfb42a794d1eb58e59a0acd88
SHA256: 7037a6d1f279e3b2ab40261f6f0570899b07b53a690e70291e56828ce40f3e0b
Actions
c:\users\dssdpmx042\desktop\gfs3quzvztmy-jq6xox.bmp, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\gfs3quzvztmy-jq6xox.bmp (Modified File)
c:\windows\temp\15.wncryt (Created File)
Size 38.62 KB (39552 bytes)
Hash Values MD5: a0caf035ed46a2cc5f999e464a5a6beb
SHA1: ffb5be3d7c726c035546dfce5dca7b9770571785
SHA256: e7b85f3eccd8dc0c4dfe744cbf977ac53ef97f066ee5206435d7113de5dc2f1e
Actions
c:\users\dssdpmx042\desktop\h4mzf.bmp.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\h4mzf.bmp.wncryt (Created File)
c:\users\dssdpmx042\desktop\h4mzf.bmp.wncry (Created File)
Size 28.51 KB (29192 bytes)
Hash Values MD5: 1b303c5b36b5d39525f246e4a2dd94f1
SHA1: f2fcdc4d92936a7c6b8b6836c5b7b401868c67ed
SHA256: f300f57084f087228ab36a24db06915ba3f051cfd29e4c3a393fb64d70c08190
Actions
c:\users\dssdpmx042\desktop\h4mzf.bmp, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\h4mzf.bmp (Modified File)
c:\windows\temp\16.wncryt (Created File)
Size 28.23 KB (28912 bytes)
Hash Values MD5: c886644bd3d95ff22acfb989c2e810cb
SHA1: 7aa33e6c737c6e47530ac3582a212b9248fdf960
SHA256: 8afd27e83d5a24ce35f1b907b5ad22a366b9be9993d829a501ab613f6fa3278e
Actions
c:\users\dssdpmx042\desktop\hyxaas7ppqlngg5ir6.mp4.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\hyxaas7ppqlngg5ir6.mp4.wncryt (Created File)
c:\users\dssdpmx042\desktop\hyxaas7ppqlngg5ir6.mp4.wncry (Created File)
Size 44.84 KB (45912 bytes)
Hash Values MD5: 552bc4665b02329c4824f2604d8e3b0f
SHA1: 28096706b049fab8b6282751ec3850c5e01a6de1
SHA256: 1292feeb57d78c3d747bb9bdd726c7baa718ee7602b07fc98d873cb657839033
Actions
c:\users\dssdpmx042\desktop\hyxaas7ppqlngg5ir6.mp4, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\hyxaas7ppqlngg5ir6.mp4 (Modified File)
c:\windows\temp\17.wncryt (Created File)
Size 44.55 KB (45622 bytes)
Hash Values MD5: a7d4745347be265cf78ef70fe504544e
SHA1: 840c0b582f8dcb2585382d2c3db7875cea4ba209
SHA256: e11137d2e02ae3ac1eb8bc1c8f04d90bf1926701be353203c8124761570e91de
Actions
c:\users\dssdpmx042\desktop\kit3qjluq u1ehoy.wav.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\kit3qjluq u1ehoy.wav.wncryt (Created File)
c:\users\dssdpmx042\desktop\kit3qjluq u1ehoy.wav.wncry (Created File)
Size 73.35 KB (75112 bytes)
Hash Values MD5: 194b0b2856ef040070481da4ecac6ce5
SHA1: 157d99cbe3b9b9806e2c9c5421d2ae7ea7879e9a
SHA256: acbd352f371765bcb5f9c64e27f4c58968b5f0f8972777c1dde9acd1d7961e10
Actions
c:\users\dssdpmx042\desktop\kit3qjluq u1ehoy.wav, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\kit3qjluq u1ehoy.wav (Modified File)
c:\windows\temp\18.wncryt (Created File)
Size 73.07 KB (74827 bytes)
Hash Values MD5: 2ed621e825694e7fae484037d3906a7a
SHA1: 7cb4ab9038f33afb43d539581060109611c972ed
SHA256: e347c17e6cd8d1c74b152f269faeae5cde11043a983f7af1aa262362fbd0dc2d
Actions
c:\users\dssdpmx042\desktop\lkwb.wav.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\lkwb.wav.wncryt (Created File)
c:\users\dssdpmx042\desktop\lkwb.wav.wncry (Created File)
Size 74.02 KB (75800 bytes)
Hash Values MD5: 94fdedf3962f05deda10d3222c81b753
SHA1: 5223e95d4f39b8a6e8b826e0bc5fce97d66f7565
SHA256: f94e3f65475b440981571afb6c3b5cf877b575adc23dae70d9340ec8edf4bcdb
Actions
c:\users\dssdpmx042\desktop\lkwb.wav, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\lkwb.wav (Modified File)
c:\windows\temp\19.wncryt (Created File)
Size 73.75 KB (75516 bytes)
Hash Values MD5: b15f1937d3f3b7bfbb98f62a9aa9a227
SHA1: e60a4e0068895825a336d2c3b6a67e6a0e52b462
SHA256: b186c070593638b7e24be4393869fd34b130db62d9aa72c11fc8b7291c0f771a
Actions
c:\users\dssdpmx042\desktop\m-flkfw.pps.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\m-flkfw.pps.wncryt (Created File)
c:\users\dssdpmx042\desktop\m-flkfw.pps.wncry (Created File)
Size 41.13 KB (42120 bytes)
Hash Values MD5: a9d9c012f146cdc7ee766cc425e8e489
SHA1: 133f658cae905b2561597b2a13c8909166611b47
SHA256: 03c38620aecef400199018ffd28abf07db0059fe68b7be695c587968111ec4ce
Actions
c:\users\dssdpmx042\desktop\m-flkfw.pps, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\m-flkfw.pps (Modified File)
c:\windows\temp\20.wncryt (Created File)
Size 40.86 KB (41838 bytes)
Hash Values MD5: 6219d95071c47356507fec4900ada63b
SHA1: 4b8f2eaf504546dcdcf147e68ea9693f92080f63
SHA256: 4b81c0bc78abc3883cf7ac44258c92c041a3afa222c2c2a2fd0ff18004fe5e06
Actions
c:\users\dssdpmx042\desktop\p6tg4g.bmp.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\p6tg4g.bmp.wncryt (Created File)
c:\users\dssdpmx042\desktop\p6tg4g.bmp.wncry (Created File)
Size 90.57 KB (92744 bytes)
Hash Values MD5: fd398b116d80e42e94cd79a343afd17c
SHA1: ceccb5a5ec206bb74d9bd01346eb354b8434e104
SHA256: e8d14faf7b9e1c855c4942f81f5f873edba0dc58771f73be3116b5c7279ccffa
Actions
c:\users\dssdpmx042\desktop\p6tg4g.bmp, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\p6tg4g.bmp (Modified File)
c:\windows\temp\21.wncryt (Created File)
Size 90.29 KB (92452 bytes)
Hash Values MD5: 3d55650b7c88e9237be0028231198528
SHA1: 8f2bcbb02078e6231ce6c5bd0acc8435ccb868cd
SHA256: 991caaef77f177562aeebbfddfdddedfea876aaafce018a5868b60b3ef88c496
Actions
c:\users\dssdpmx042\desktop\ytaj9x8n5wxojmujtmi.gif.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\ytaj9x8n5wxojmujtmi.gif.wncryt (Created File)
c:\users\dssdpmx042\desktop\ytaj9x8n5wxojmujtmi.gif.wncry (Created File)
Size 31.49 KB (32248 bytes)
Hash Values MD5: 16562bbf4a3cba18dff4a8ee5f88e2ec
SHA1: 4a4121347609f93f690bec4191e333ffd8acef10
SHA256: 51b202fd4f17cdc4f344d9f8292850962fa0923544ca53560b9bc80b1a33d47a
Actions
c:\users\dssdpmx042\desktop\ytaj9x8n5wxojmujtmi.gif, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\ytaj9x8n5wxojmujtmi.gif (Modified File)
c:\windows\temp\22.wncryt (Created File)
Size 31.21 KB (31958 bytes)
Hash Values MD5: 419aa3a972f61d528e84abcbcd4eda25
SHA1: e4ff43bee2e446063fea3ce65503a829d0efca45
SHA256: 12197824c11674a0f0d2a45eda1621e2b2e6b7086af5ce748b8abfb7b7e18041
Actions
c:\users\dssdpmx042\desktop\zb1nbq.mp4.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\zb1nbq.mp4.wncryt (Created File)
c:\users\dssdpmx042\desktop\zb1nbq.mp4.wncry (Created File)
Size 42.49 KB (43512 bytes)
Hash Values MD5: 38f2f91a7383f903bf02b4a8f244fb54
SHA1: 2aa50360e212ace0b47aa88d89d1ad657a59263c
SHA256: 0de0e567f4914a8f03f00e0a947ee60ab605f86627ba9684aa21089af4bba48d
Actions
c:\users\dssdpmx042\desktop\zb1nbq.mp4, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\zb1nbq.mp4 (Modified File)
c:\windows\temp\23.wncryt (Created File)
Size 42.22 KB (43232 bytes)
Hash Values MD5: bcb24fa3468b5a25ac5343e4b4dd8b90
SHA1: 3685760f78c9c7e9b33a7686aa44d26d8cc931dc
SHA256: 981a7a46c3ba0ce36dc4dae86320a1e1c568b97b5bd531a2290b5efb1d2e4cb9
Actions
c:\users\dssdpmx042\desktop\zu3ocp3f88cn.flv.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\zu3ocp3f88cn.flv.wncryt (Created File)
c:\users\dssdpmx042\desktop\zu3ocp3f88cn.flv.wncry (Created File)
Size 87.12 KB (89208 bytes)
Hash Values MD5: 3112a3bd65a2cf8800290d9898775062
SHA1: f1a2f51591db9d3649b2f70bada7d1b83e81105d
SHA256: bda21f175ae835c44771303814a084919b2f56f4fd17ecf5f65e6cd4fb09c60c
Actions
c:\users\dssdpmx042\desktop\zu3ocp3f88cn.flv, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\zu3ocp3f88cn.flv (Modified File)
c:\windows\temp\24.wncryt (Created File)
Size 86.83 KB (88916 bytes)
Hash Values MD5: 5665be3e3e07d146b1b7b8326b86eea2
SHA1: 89f04a11c3e37d2e6d595c626af242d884b8347c
SHA256: ed7100d87d053455a4865fe714feb645fec30e7b07d6ebfa60eca60a2a279179
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\- jmajpm5_rro.bmp.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\- jmajpm5_rro.bmp.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\- jmajpm5_rro.bmp.wncry (Created File)
Size 84.73 KB (86760 bytes)
Hash Values MD5: c0a1e95102cfa081ba164890ab5f23b7
SHA1: 283aa92034f79a22d49ab5bd9452bd4a4b4296f9
SHA256: 3a2124af4527c49ea8dbd7d29ec769d059ec61b7febc6864ae318e32f6b2767d
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\- jmajpm5_rro.bmp, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\- jmajpm5_rro.bmp (Modified File)
c:\windows\temp\25.wncryt (Created File)
Size 84.44 KB (86471 bytes)
Hash Values MD5: 5ec48b36d07b2f4115c31194dc8e3c2e
SHA1: d05c2990e1d6669bb234cb568052b1c095838c3e
SHA256: f7bda5aef4f129662e91499f83f29dae79efcbc561c772a0b9874e77315e3d12
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\mf1nbo.swf.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\mf1nbo.swf.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\mf1nbo.swf.wncry (Created File)
Size 19.51 KB (19976 bytes)
Hash Values MD5: 735bfd9387bf698c126ab60a1caba50e
SHA1: 397826b07e7d830d2de4f716646db233b85ad8ac
SHA256: f432be570f44fe6452518eaa39b4be8ea4ac84b5734f02c6fea9f5be1696579c
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\mf1nbo.swf, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\mf1nbo.swf (Modified File)
c:\windows\temp\26.wncryt (Created File)
Size 19.23 KB (19695 bytes)
Hash Values MD5: 366b04c7e65a5f7f6124a6d9b68a5216
SHA1: 809b5c92c2d8d28d2338117043165913b6e1d667
SHA256: b353ec02032117bc9ca3c334554b8036630b41a0d07a3d420c70d3422e095cfd
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\kslni5puyuj.flv.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\kslni5puyuj.flv.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\kslni5puyuj.flv.wncry (Created File)
Size 69.74 KB (71416 bytes)
Hash Values MD5: 44d19ffd3b90a9983dbdd954adda1d81
SHA1: f534fbfe610f4f22fe135d2f151a8cfce526f58a
SHA256: 18a31d90aca846c7cdeafcafc4092633e01b2373a58eedae644084c454b3dd26
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\kslni5puyuj.flv, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\kslni5puyuj.flv (Modified File)
c:\windows\temp\27.wncryt (Created File)
Size 69.46 KB (71127 bytes)
Hash Values MD5: 460630425c310ecc1c71dd5450cbef74
SHA1: b90d1dc1ce5af59889ae854f3137d8817a2d583a
SHA256: 9d05d74c19861871f2f11c6b88fadaf8d8a755798451f6d9bed22a550a0164f4
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\ntjkr9csa.mp4.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\ntjkr9csa.mp4.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\ntjkr9csa.mp4.wncry (Created File)
Size 84.21 KB (86232 bytes)
Hash Values MD5: c44e0b52bfc6faab6166f6f995c03105
SHA1: 65a9b98a894b2430908085831ae5f00c82b387c1
SHA256: 0593c78de2d09db0bf2f50cbd45278afa1fda4e1aa50cafb615638d74119b528
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\ntjkr9csa.mp4, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\ntjkr9csa.mp4 (Modified File)
c:\windows\temp\28.wncryt (Created File)
Size 83.93 KB (85942 bytes)
Hash Values MD5: 4e5315bee5f649da6b5aa832486258d7
SHA1: b03381316170ea073025806d183ba5e3968665e9
SHA256: 54d7c454ae19d4f95c807d1d79f735ce26e34dffe2ebf6540fff58c2ea6ce35a
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\nxds miu.odp.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\nxds miu.odp.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\nxds miu.odp.wncry (Created File)
Size 25.59 KB (26200 bytes)
Hash Values MD5: ce620ffb12daad223156420c81e89f46
SHA1: 99f0381eaf741b944cd9db8de55a61fd54aaba29
SHA256: 78c0840bc0b88471f469dfe96ac704384134b55d316b80d9f85df369184d9224
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\nxds miu.odp, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\0qdvmg\nxds miu.odp (Modified File)
c:\windows\temp\29.wncryt (Created File)
Size 25.30 KB (25907 bytes)
Hash Values MD5: 844165575fa4df2cdd7f3441c3d0a4f2
SHA1: 56208cac2a0f8468421a6ebeb42d314ad37522c0
SHA256: f573e975438ad214fa16fe88c27ac4966921f7574962c1bf871c29f1b72ecf67
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\2h9gjyzxutjtaj vlt76.ods.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\2h9gjyzxutjtaj vlt76.ods.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\2h9gjyzxutjtaj vlt76.ods.wncry (Created File)
Size 24.45 KB (25032 bytes)
Hash Values MD5: 4475f660c80fcc798bc38bfa610a5c1d
SHA1: 5dcf3f204f7a1e5cfccd7a104b3a36cb5c0fd0e6
SHA256: a0320f90e59ae3eb355040dfe89be684eb0411663835ebf88597e990386c5a7e
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\2h9gjyzxutjtaj vlt76.ods, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\2h9gjyzxutjtaj vlt76.ods (Modified File)
c:\windows\temp\30.wncryt (Created File)
Size 24.17 KB (24745 bytes)
Hash Values MD5: 9012bffc48a060afadbb185bd3c7692e
SHA1: 52f3f17a30fceb157c0ee0396f7bb27c079c280b
SHA256: a0147eff3e72ce55ee1856e4a60be490df4d0db746312021f3a426b2d62c7036
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\9wcvzyuqncphgsqczkn.png.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\9wcvzyuqncphgsqczkn.png.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\9wcvzyuqncphgsqczkn.png.wncry (Created File)
Size 94.63 KB (96904 bytes)
Hash Values MD5: e07ff506d192e05ac03f058f313ce6b8
SHA1: 4c4d068af8be9ed258c0db34abedbabe8deb98bc
SHA256: 540d6f4bfcb7df4dd0b0dabc6329bba3885e377b1738790114434f3b83a678b8
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\9wcvzyuqncphgsqczkn.png, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\9wcvzyuqncphgsqczkn.png (Modified File)
c:\windows\temp\31.wncryt (Created File)
Size 94.35 KB (96618 bytes)
Hash Values MD5: 22c51aa402b5736b9a0c91dc2f3cf801
SHA1: 1afff4dacbbded60c13e1fe57cebed55356effc4
SHA256: 3917264d1cb61060ba8fed7316bdbfec1df23c13371da6f2e0339b1d34d20ba5
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\kpyogarb2ozckx549d.flv.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\kpyogarb2ozckx549d.flv.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\kpyogarb2ozckx549d.flv.wncry (Created File)
Size 46.76 KB (47880 bytes)
Hash Values MD5: 29c5beb13186c334ff549f14192eebbf
SHA1: 452a67dd80d75f5315e7250522d0adae475c673b
SHA256: caab763449903cdfc503c74021f193addf894b9395af2886b71a578987cfa7ee
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\kpyogarb2ozckx549d.flv, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\kpyogarb2ozckx549d.flv (Modified File)
c:\windows\temp\32.wncryt (Created File)
Size 46.48 KB (47599 bytes)
Hash Values MD5: a6ee3de5f5b1b5f1523aca98958f726b
SHA1: 1242c3ce03bc4126a3129e14a3f4f35ad610791e
SHA256: 254e12e1115e48dc65ce16f7d3bcf3e0197f2883dcabe44be47b8d36d3cc55ea
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\z8mf4.avi.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\z8mf4.avi.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\z8mf4.avi.wncry (Created File)
Size 79.80 KB (81720 bytes)
Hash Values MD5: 13152349d47b9d2dcb17a2c102262bb4
SHA1: 7b0c676d9086fa8551534e19fe4e91b41b457bca
SHA256: 547e61add2f2ba999ee1698022163b79083d9a64ad5f182771afca8aa910c8ec
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\z8mf4.avi, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\k8vahpvastg\z8mf4.avi (Modified File)
c:\windows\temp\33.wncryt (Created File)
Size 79.53 KB (81440 bytes)
Hash Values MD5: 5446bfc868c5c6a2b360da05859e4771
SHA1: 7acdcc1eff402c249b05a90d93260836ea3f14f1
SHA256: d5b59fc4ae1516e7d2c41780b2d3c50bdab573400664185d61cdff839184523f
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\tey_zyonktol5ojrt0io.mp4.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\tey_zyonktol5ojrt0io.mp4.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\tey_zyonktol5ojrt0io.mp4.wncry (Created File)
Size 20.26 KB (20744 bytes)
Hash Values MD5: 5190687a5afa9a78b1e497b7b4942161
SHA1: a5727619935a4bff4473f6b015c9137fc5f54b51
SHA256: acf1ac2194c046e02c9a1c70c91107703a30286bd59d7b42eac173d7511f1052
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\tey_zyonktol5ojrt0io.mp4, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\tey_zyonktol5ojrt0io.mp4 (Modified File)
c:\windows\temp\34.wncryt (Created File)
Size 19.98 KB (20462 bytes)
Hash Values MD5: 1d36f7a0686f60622cbd1a9f0b3ae704
SHA1: 36eb1965bf99b9c96561ce3d282693f08698e5dc
SHA256: d8dd633bac02699aca5dfc655bd79693f7c1d539eec1e45291177306d4dfd84b
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\46ix9df9_1lvnwsx.mp3.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\46ix9df9_1lvnwsx.mp3.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\46ix9df9_1lvnwsx.mp3.wncry (Created File)
Size 7.30 KB (7480 bytes)
Hash Values MD5: 7e36c746b4ab036102163998824cf58c
SHA1: bafaa829c24d9f71d89d6b9070fa804a5901f2c6
SHA256: b8a33643c2dcd517db7deff4a4a459acd6f630e12a484ab03c41328a6a7b526c
Actions
c:\programdata\qxtqusdnjzrizx418\f.wnry
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\f.wnry (Created File)
Size 0.10 KB (106 bytes)
Hash Values MD5: 35127b2a5454914606b24bb01c185c86
SHA1: 88295b941fb048511649f5d07c33adeac14c7cb7
SHA256: ce0a30cb1eb0b57be12c006ef802133e146788b8140acc27348980e5ce21920d
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\46ix9df9_1lvnwsx.mp3, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\46ix9df9_1lvnwsx.mp3 (Modified File)
c:\windows\temp\35.wncryt (Created File)
Size 7.03 KB (7197 bytes)
Hash Values MD5: 9af03dd5021216dc163f64a5ba1ddbb3
SHA1: ef974ecebd6100f3d2a52fbb2eefdfd84e1e8fdd
SHA256: b282bde4234e49ad5331d8af5bb0f444fb7087e5330adac4a319dab097169980
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\93pm.gif.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\93pm.gif.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\93pm.gif.wncry (Created File)
Size 11.60 KB (11880 bytes)
Hash Values MD5: 918ea8d5d58af1eb46aff89900be220f
SHA1: da4ff7a82cd64133e4710f4f5f51f16749f673b9
SHA256: 7a47e96786ead3632934d2c334e7beb0833579d533260c0de9a077dd97a8d9a6
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\93pm.gif, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\93pm.gif (Modified File)
c:\windows\temp\36.wncryt (Created File)
Size 11.32 KB (11589 bytes)
Hash Values MD5: 30ecbe3e88053d2db59a2bdbfbfb02ea
SHA1: 36d6978f04ab4d5b28e1e565bbacca337d6ffd3e
SHA256: 2e873efdb4a95bb9ff963dae428fd571b7a6793397ee78640ba556972f177d55
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\cxy8v.mp4.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\cxy8v.mp4.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\cxy8v.mp4.wncry (Created File)
Size 97.12 KB (99448 bytes)
Hash Values MD5: ec43ed8ee82a2481f7733398185295cf
SHA1: 17336caa449328b825daa13317bf9c3257798713
SHA256: d2c2ff9520594a8824da8f1bbef5eeb921caec4bf5168eb132bf1bf2451a70b2
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\cxy8v.mp4, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\cxy8v.mp4 (Modified File)
c:\windows\temp\37.wncryt (Created File)
Size 96.84 KB (99165 bytes)
Hash Values MD5: 28045a99aa39e866a7b8930e31fa160d
SHA1: 69ce406319f6181792c79242c699291e7cb2f0a2
SHA256: 3f09489599f796006488694cee2b1a0b03f8b4022f4011623273504b20617ac9
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\xmeixq lmabg-zgr7mpc.bmp.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\xmeixq lmabg-zgr7mpc.bmp.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\xmeixq lmabg-zgr7mpc.bmp.wncry (Created File)
Size 3.80 KB (3896 bytes)
Hash Values MD5: c6b7b8e77c2c59e9446c80ee9d8447ff
SHA1: 60694fbda21c8893eb4d0cfb589fc5f3d3793774
SHA256: a182b436cc0a8e27c4de43042584ca1dc29d7b2c705a835a390040b237f50bc8
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\xmeixq lmabg-zgr7mpc.bmp, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\xmeixq lmabg-zgr7mpc.bmp (Modified File)
c:\windows\temp\38.wncryt (Created File)
Size 3.53 KB (3616 bytes)
Hash Values MD5: 0da0bc05834a09e9c9b5337d6d8cb5d6
SHA1: dba913b8f245d10d20f0be6aca84f02160a37ac3
SHA256: 2c458697e529346aa8f464a64407e2e2719b709f31b7dc7a5370a0364002dff2
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yg84pi.avi.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yg84pi.avi.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yg84pi.avi.wncry (Created File)
Size 36.10 KB (36968 bytes)
Hash Values MD5: 598e15dd285eb3d66c64df6121976f04
SHA1: c63a4da15b365e72f1f96993d90e09b70faa618a
SHA256: 9bfd53f84cfa5bb82829642ca4ac695f5d5e5efdde976ef397ab4cc698f2a045
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yg84pi.avi, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yg84pi.avi (Modified File)
c:\windows\temp\39.wncryt (Created File)
Size 35.83 KB (36687 bytes)
Hash Values MD5: 0d5ce33354ab5486ae5a5a4a2a892a4b
SHA1: ac85d86a7b274a5c1133e17afbc548a7b3f0f985
SHA256: 63e0af48e7d0fabd7e0b1f7c79f14f6282df4a48c67fe4155ac86d7b18f2c3ef
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yoo37jp7q.wav.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yoo37jp7q.wav.wncryt (Created File)
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yoo37jp7q.wav.wncry (Created File)
Size 69.70 KB (71368 bytes)
Hash Values MD5: 011b98edcebdd2b93780d56f40dea4a7
SHA1: d557ec9ae22d5531fe454900d681e593fff065d3
SHA256: 234f29a516234fbf16422026e4e1443f6b6422f0c4125c0fd501a82c4eeb85ab
Actions
c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yoo37jp7q.wav, ...
-
File Properties
Names c:\users\dssdpmx042\desktop\pgm8zh2abxrdyc7agszx\lsxsfgzrgx3ysj1\2tpofaj-rucn\yoo37jp7q.wav (Modified File)
c:\windows\temp\40.wncryt (Created File)
Size 69.42 KB (71084 bytes)
Hash Values MD5: 885026e6c8b6916cfbc21acd4fb382cd
SHA1: 0b65bbb4a1269bf0665e7f20dd5ccf8e2ee91199
SHA256: ef32e2d69dc403ffa40bfe3eea01046a4c19c6e91dc747c3ecc8e2356fbd68ee
Actions
c:\users\dssdpmx042\documents\5dwumhpov0ond.doc.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\5dwumhpov0ond.doc.wncryt (Created File)
c:\users\dssdpmx042\documents\5dwumhpov0ond.doc.wncry (Created File)
Size 88.74 KB (90872 bytes)
Hash Values MD5: 5cd1ca8dfb2aa81a21266f546f9552a7
SHA1: 7c55a6644b51feecf1fd63bd57859b85d4a88cff
SHA256: 46d4de7f6004cb170e102a5df911a25e1983561d1f0a54846eb05e03557eab11
Actions
c:\users\dssdpmx042\documents\5dwumhpov0ond.doc, ...
-
File Properties
Names c:\users\dssdpmx042\documents\5dwumhpov0ond.doc (Modified File)
c:\windows\temp\41.wncryt (Created File)
Size 88.46 KB (90586 bytes)
Hash Values MD5: 7b4719663f563124060ac78818ce7dfa
SHA1: 8a0b937437f6e7eddf421f453581feced2b0df29
SHA256: b977874f39c95c1efa40690e8e9d03d3b19224d25cbdc1e5299d812d31a37eac
Actions
c:\users\dssdpmx042\documents\5pfcgtj7-40fzu.docx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\5pfcgtj7-40fzu.docx.wncryt (Created File)
c:\users\dssdpmx042\documents\5pfcgtj7-40fzu.docx.wncry (Created File)
Size 86.54 KB (88616 bytes)
Hash Values MD5: 4961339ad55c3f7284c8d5c3cfb1c588
SHA1: 9f24ea8c8c9d397802e4d701903778a8a4151e01
SHA256: e395ffb96f203ef7fe098ef30fadb17ad4325583dbd5e59c4d23bb7364c615a3
Actions
c:\users\dssdpmx042\documents\5pfcgtj7-40fzu.docx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\5pfcgtj7-40fzu.docx (Modified File)
c:\windows\temp\42.wncryt (Created File)
Size 86.26 KB (88331 bytes)
Hash Values MD5: 3adafc6adbf55d82780ba02cdfc4a9a6
SHA1: 038b306aa9adb6284801b705ea088d4bb016766e
SHA256: d7f7ebff15f058ba19d13d412cb3ab48a3eee01e65e08ac842a08ea6c01d820f
Actions
c:\users\dssdpmx042\documents\9c54.docx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\9c54.docx.wncryt (Created File)
c:\users\dssdpmx042\documents\9c54.docx.wncry (Created File)
Size 81.54 KB (83496 bytes)
Hash Values MD5: 5e8095a6c45f39308e7ec68c75f9c898
SHA1: 3f23141da091e760669a1fadad04a0b6128682c2
SHA256: bfd2703601807a8932434ee73734546ffe29daa748136f0a22446382c459fbb2
Actions
c:\users\dssdpmx042\documents\9c54.docx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\9c54.docx (Modified File)
c:\windows\temp\43.wncryt (Created File)
Size 81.26 KB (83207 bytes)
Hash Values MD5: ae461238070b6531fa0bb800809aab8e
SHA1: aa7e15a8348fada29f15677ad1dddb25707f4286
SHA256: 5ae50a494b4a51b6042aa6a1efa621043ad8be8bea155db4b6b9e67318e1b0f4
Actions
c:\users\dssdpmx042\documents\axmcb.docx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\axmcb.docx.wncryt (Created File)
c:\users\dssdpmx042\documents\axmcb.docx.wncry (Created File)
Size 78.85 KB (80744 bytes)
Hash Values MD5: 61a26f28ac8d733442ea25b98f413412
SHA1: aeaa07f50147c27635028b24ee8904cbcbed7d18
SHA256: 478d64feeee94df5f82a63e4d92934807a048c1ae0c3037f87074f16c84daf91
Actions
c:\users\dssdpmx042\documents\axmcb.docx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\axmcb.docx (Modified File)
c:\windows\temp\44.wncryt (Created File)
Size 78.57 KB (80457 bytes)
Hash Values MD5: bf758fbe1c9a31d27d536c27b930ec71
SHA1: 50c8f19a242c17806c77768d178222fb50766684
SHA256: 8096b205eb794f01aee52f0f8e6ab9aa5f66ac2962fa0d2cac566b59699d0b06
Actions
c:\users\dssdpmx042\documents\f8t0d1hl8mulgw0ye.pptx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\f8t0d1hl8mulgw0ye.pptx.wncryt (Created File)
c:\users\dssdpmx042\documents\f8t0d1hl8mulgw0ye.pptx.wncry (Created File)
Size 8.87 KB (9080 bytes)
Hash Values MD5: 40bb90d66c5f11d1244e8868f0df7a8d
SHA1: 888f790ee9908192c343432f404b100df1d595f2
SHA256: 3a7b2025f679c4a2d047a1f0b7528630cbbe33583298da2b6963958c59daa961
Actions
c:\users\dssdpmx042\documents\f8t0d1hl8mulgw0ye.pptx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\f8t0d1hl8mulgw0ye.pptx (Modified File)
c:\windows\temp\45.wncryt (Created File)
Size 8.59 KB (8796 bytes)
Hash Values MD5: 4b693f09a32b1b71341ae634198c000c
SHA1: 330b95e1a69d187d245832ab5bd57d9b56503f04
SHA256: 9e269533e183cb97af9a93c0c0a591e818e7cf6a95a3762876e6d97f7450723e
Actions
c:\users\dssdpmx042\documents\g9fp hftlrgz5w.xls.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\g9fp hftlrgz5w.xls.wncryt (Created File)
c:\users\dssdpmx042\documents\g9fp hftlrgz5w.xls.wncry (Created File)
Size 75.55 KB (77368 bytes)
Hash Values MD5: ea1ea3478f0d315ff1b9ff0921da93ca
SHA1: b1913745660ddb9cff1ef35e368c8d65b23c85d5
SHA256: 9b403af845f575b7896fdeb815f2f2b6e7f05ec16cad9d9be89ce81c5588edc3
Actions
c:\users\dssdpmx042\documents\g9fp hftlrgz5w.xls, ...
-
File Properties
Names c:\users\dssdpmx042\documents\g9fp hftlrgz5w.xls (Modified File)
c:\windows\temp\46.wncryt (Created File)
Size 75.28 KB (77086 bytes)
Hash Values MD5: 6c5559445301f20828f842dd1ab86e9b
SHA1: 74b8f43cfa8591853c28b721ae5d59bb48de049e
SHA256: 8f3bd67a9e935fadf801109dfba0e56c4581a013c07ba5bc39d291327201cde8
Actions
c:\users\dssdpmx042\documents\gmphr0w6rrpdhpbef.csv.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\gmphr0w6rrpdhpbef.csv.wncryt (Created File)
c:\users\dssdpmx042\documents\gmphr0w6rrpdhpbef.csv.wncry (Created File)
Size 34.93 KB (35768 bytes)
Hash Values MD5: a8e78ee640cd053edfe59be041b389fc
SHA1: fad09c2d3f9a1c5f29d4742c839fd6ac054a872b
SHA256: 951bbb0c3c2add70210bc959caede15d839aac49cbdeb70fc768357da325a1e4
Actions
c:\users\dssdpmx042\documents\gmphr0w6rrpdhpbef.csv, ...
-
File Properties
Names c:\users\dssdpmx042\documents\gmphr0w6rrpdhpbef.csv (Modified File)
c:\windows\temp\47.wncryt (Created File)
Size 34.65 KB (35484 bytes)
Hash Values MD5: 120cb113696e0e266b6f9e7bfecdc43b
SHA1: 70948f4b3189dbb4bf3b19a2041d35d20d9f83e1
SHA256: da733081e50b262e9b1c3400acd721ad5486573e658744efd43077c21dbab505
Actions
c:\users\dssdpmx042\documents\gpimnirm chkjuih.xlsx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\gpimnirm chkjuih.xlsx.wncryt (Created File)
c:\users\dssdpmx042\documents\gpimnirm chkjuih.xlsx.wncry (Created File)
Size 56.26 KB (57608 bytes)
Hash Values MD5: ebf823308be529d8144053f4872232c7
SHA1: 27791f691037e9bde53c2c60ee32e1f7ab4ae901
SHA256: ab23c144a94abd91a8bb582e9db178ac625e8b1165a9050469c2af396641bfe2
Actions
c:\users\dssdpmx042\documents\gpimnirm chkjuih.xlsx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\gpimnirm chkjuih.xlsx (Modified File)
c:\windows\temp\48.wncryt (Created File)
Size 55.98 KB (57320 bytes)
Hash Values MD5: 60d7298b497d526794097930c8df889b
SHA1: b555bb6676b76cad5b3018f8b42434ab7602dc9d
SHA256: 9363dcf055703a520573c56108c882b785e4ab62e4d3b14d89fbf64bfe8a6b9f
Actions
c:\users\dssdpmx042\documents\hemk7ngcvjguirn6.xlsx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\hemk7ngcvjguirn6.xlsx.wncryt (Created File)
c:\users\dssdpmx042\documents\hemk7ngcvjguirn6.xlsx.wncry (Created File)
Size 19.95 KB (20424 bytes)
Hash Values MD5: 2326ea3caf9d0d08cf140fb253ce0a42
SHA1: a224496e8b68731d2240d5d1afd2036f06a76456
SHA256: 7e7272378f15f012886c9ba081e604a0c7eeaaf4d0111768a397216233cd7007
Actions
c:\users\dssdpmx042\documents\hemk7ngcvjguirn6.xlsx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\hemk7ngcvjguirn6.xlsx (Modified File)
c:\windows\temp\49.wncryt (Created File)
Size 19.66 KB (20129 bytes)
Hash Values MD5: b280956170742c7231aa1e0774077012
SHA1: 61b0e5dd9196bd48996a3cdcadb365b3479fbfdb
SHA256: 6b541655e39506efacf5fd6f58a51f88be44e0e0559daa54c4c93d23ea332ded
Actions
c:\users\dssdpmx042\documents\kqsfgiuuv7macle5kbe.pptx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\kqsfgiuuv7macle5kbe.pptx.wncryt (Created File)
c:\users\dssdpmx042\documents\kqsfgiuuv7macle5kbe.pptx.wncry (Created File)
Size 45.99 KB (47096 bytes)
Hash Values MD5: 2a1643792f60e24d426a82d297818b09
SHA1: 3f863ea5bf7621532c88ca42ed6d8f84a91b2534
SHA256: 6893f70d1b0068fea1d15ef0b34f956f50b18bca3ac2b3fe7c8cf10fef8c70eb
Actions
c:\users\dssdpmx042\documents\kqsfgiuuv7macle5kbe.pptx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\kqsfgiuuv7macle5kbe.pptx (Modified File)
c:\windows\temp\50.wncryt (Created File)
Size 45.72 KB (46813 bytes)
Hash Values MD5: a550f72aed62c6babcda15ddd662d1fe
SHA1: dcc2cd3885a5ba763d130f7aaa69299433a28585
SHA256: 1d507d8e1dfcf0ea5d1f20342ab2bc79043f1cff82906bbea250e5db028b73e4
Actions
c:\users\dssdpmx042\documents\lsifcdcb6tbfbadh2jc.pptx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\lsifcdcb6tbfbadh2jc.pptx.wncryt (Created File)
c:\users\dssdpmx042\documents\lsifcdcb6tbfbadh2jc.pptx.wncry (Created File)
Size 1.99 KB (2040 bytes)
Hash Values MD5: 0dc53b0a39c20744cd3b5871a9a24d0e
SHA1: f9c911c7ba77fe6ef6c4cfd12ab7bb8869e3b03d
SHA256: 47143141fb18d1eec4acec4618f6aa320342e3a0fe96fca1785218817297df8e
Actions
c:\users\dssdpmx042\documents\lsifcdcb6tbfbadh2jc.pptx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\lsifcdcb6tbfbadh2jc.pptx (Modified File)
c:\windows\temp\51.wncryt (Created File)
Size 1.72 KB (1757 bytes)
Hash Values MD5: 3fad5bfe2edc9098357b199206d6c5d3
SHA1: c7a51b071311100f639fa2af870bb02295e9254b
SHA256: 3eab663a2ef52cb706825f5d246f9654ff0b6c2704f9807348c6eb6d142929d6
Actions
c:\users\dssdpmx042\documents\lu6w3pxpu3ca.xlsx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\lu6w3pxpu3ca.xlsx.wncryt (Created File)
c:\users\dssdpmx042\documents\lu6w3pxpu3ca.xlsx.wncry (Created File)
Size 13.93 KB (14264 bytes)
Hash Values MD5: e328c6b7d836a4e1f3fa5d3b2c21ab32
SHA1: cb1e1c52bf79ace030cde923f00fc04527d0c3c4
SHA256: ff3b0cfd0a4cf0fde14f0e0ce1adfbb22b348d9c7d5d3851415a011b9fcaf974
Actions
c:\users\dssdpmx042\documents\lu6w3pxpu3ca.xlsx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\lu6w3pxpu3ca.xlsx (Modified File)
c:\windows\temp\52.wncryt (Created File)
Size 13.65 KB (13981 bytes)
Hash Values MD5: cc50b26ec5e479497c4db36960c98a6b
SHA1: f707a427f79a5438939f1983100a034cd3f96976
SHA256: ea064a645e33601ed1b1c1872c4e6e7bc64e5b8ddc0a8b047af8b64592b5597d
Actions
c:\users\dssdpmx042\documents\ly7o.pptx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\ly7o.pptx.wncryt (Created File)
c:\users\dssdpmx042\documents\ly7o.pptx.wncry (Created File)
Size 48.37 KB (49528 bytes)
Hash Values MD5: 6496a48f2742ff65421213bc1aa77f9e
SHA1: 1b2f5f80bc33ce2ff2671585710d0a7f43a95bdf
SHA256: 65d1023e07683b3377d65d11228a038b7a7f832f33573638ed482f6b551f11d8
Actions
c:\users\dssdpmx042\documents\ly7o.pptx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\ly7o.pptx (Modified File)
c:\windows\temp\53.wncryt (Created File)
Size 48.09 KB (49248 bytes)
Hash Values MD5: 1258f6d64cb376de70876485e928c7d4
SHA1: 8a755a579b451e87da048c9fcf8b7335b1df88e4
SHA256: 42bb3c968a6ef5896f8b1727a4feeeb12ff4eb941e51c3d76f527f286a9c3fe5
Actions
c:\users\dssdpmx042\documents\qocbs.docx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\qocbs.docx.wncryt (Created File)
c:\users\dssdpmx042\documents\qocbs.docx.wncry (Created File)
Size 58.49 KB (59896 bytes)
Hash Values MD5: 8add904e6aa329dcb0948b1d35748c66
SHA1: c8444b6e3e6d19d88b36c5292a5a299f56d9584c
SHA256: 132281cd205e70d06273b3dd4a6d983e85eaa6b66df62c30a5dd51b78d23badb
Actions
c:\users\dssdpmx042\documents\qocbs.docx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\qocbs.docx (Modified File)
c:\windows\temp\54.wncryt (Created File)
Size 58.21 KB (59605 bytes)
Hash Values MD5: 3d4c21badfd24eeda7b6247907454171
SHA1: 536a3526e945e93572a227124ccc88a0c45c6e66
SHA256: ed01cfbcdbdb135fbd25188ea82429a93d49e0560ac51a9ae7987052d1e80bba
Actions
c:\users\dssdpmx042\documents\tcrd9un1_myjq-.pptx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\tcrd9un1_myjq-.pptx.wncryt (Created File)
c:\users\dssdpmx042\documents\tcrd9un1_myjq-.pptx.wncry (Created File)
Size 92.55 KB (94776 bytes)
Hash Values MD5: dc4f5d38a9683680c51c6fc18240cff7
SHA1: 771c3327a78aa01838b4a0df113b08620f4389db
SHA256: 8dd56bebd69b5267beed0366ffb62fe652b3b6af4adc5ea759542421a17bde37
Actions
c:\users\dssdpmx042\documents\tcrd9un1_myjq-.pptx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\tcrd9un1_myjq-.pptx (Modified File)
c:\windows\temp\55.wncryt (Created File)
Size 92.28 KB (94495 bytes)
Hash Values MD5: aeb5c98fc0bbb455cc54a5b142b0c4c8
SHA1: e914c842b2f4b04a1ab4fcea50b6fcfc9aad82af
SHA256: 818eab6f3a058bdd4f00c59e409ee804aadaaa036979ff32501e3ecac614eca0
Actions
c:\users\dssdpmx042\documents\wv7vnssgbfodzvw.xlsx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\wv7vnssgbfodzvw.xlsx.wncryt (Created File)
c:\users\dssdpmx042\documents\wv7vnssgbfodzvw.xlsx.wncry (Created File)
Size 84.26 KB (86280 bytes)
Hash Values MD5: 947d94a76f8119c48ad63eeb6e55a79b
SHA1: b4559d766f389f77b5bdd6cdfd692256c25b262d
SHA256: f30e855210819eb39eb0804f5c3d0180d3914d94179bd7e4444ee3b4c20f759b
Actions
c:\users\dssdpmx042\documents\wv7vnssgbfodzvw.xlsx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\wv7vnssgbfodzvw.xlsx (Modified File)
c:\windows\temp\56.wncryt (Created File)
Size 83.98 KB (85999 bytes)
Hash Values MD5: 931214ce153e5f8cfd7b90b90ac67c8d
SHA1: 79ff691683832148fb21e2cbcc63f13ac827066d
SHA256: c4892939c832a3b7fcc13e43765e0a177604bfe7f7ab51e52df7135f675e5b7b
Actions
c:\users\dssdpmx042\documents\yzoy0uk.pptx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\yzoy0uk.pptx.wncryt (Created File)
c:\users\dssdpmx042\documents\yzoy0uk.pptx.wncry (Created File)
Size 57.09 KB (58456 bytes)
Hash Values MD5: aead00b48de4e725c391784011584430
SHA1: 3b5d3c6d2f3e095b0b9ab5fabe838d5b8bce5f7e
SHA256: fbefc80f7687f4b415f1aa8d153cd2d2b1396c68e749318c643f3ac44872aa67
Actions
c:\users\dssdpmx042\documents\yzoy0uk.pptx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\yzoy0uk.pptx (Modified File)
c:\windows\temp\57.wncryt (Created File)
Size 56.81 KB (58175 bytes)
Hash Values MD5: 86930dbaa7b2aea29f7cf02911f92736
SHA1: c60291c5f2d992117b22512de6c5f5b12686dce7
SHA256: 54790de48597d703753a392c5fd9e6130b27e37b37d4a53adc0fcde15a12f514
Actions
c:\users\dssdpmx042\documents\zwklqrq2nlske44p.xlsx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\zwklqrq2nlske44p.xlsx.wncryt (Created File)
c:\users\dssdpmx042\documents\zwklqrq2nlske44p.xlsx.wncry (Created File)
Size 63.93 KB (65464 bytes)
Hash Values MD5: 10ee0e66780fdad772edc8d351d56c74
SHA1: bf377e04de7c64f673637d0c897241425ac7b5bf
SHA256: bfb274059900a588b4320677c3d59086cbcfc1bdd61baaa7d08b2b3500b29210
Actions
c:\users\dssdpmx042\documents\zwklqrq2nlske44p.xlsx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\zwklqrq2nlske44p.xlsx (Modified File)
c:\windows\temp\58.wncryt (Created File)
Size 63.65 KB (65176 bytes)
Hash Values MD5: 1ad282e3fd9eeeacdd2666cbda58294c
SHA1: 5948bc29d1a978890f11abd5ca47b00b642c0fe1
SHA256: 2a427d0f08b69a933cb7df0b5903dcdcaa612d105b5cc7ae9d69f4a8f9858077
Actions
c:\users\dssdpmx042\documents\_xgwdcsgf mjc6 j.docx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\_xgwdcsgf mjc6 j.docx.wncryt (Created File)
c:\users\dssdpmx042\documents\_xgwdcsgf mjc6 j.docx.wncry (Created File)
Size 63.38 KB (64904 bytes)
Hash Values MD5: 0354e75732608572e36c251c08f7833e
SHA1: dde0aaf7db8f268c2925442474026b124c82fcc9
SHA256: beb67cc0f9c4a664efe97567048b932a9b8eae442e2c8c511fa8c88f167c938e
Actions
c:\users\dssdpmx042\documents\_xgwdcsgf mjc6 j.docx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\_xgwdcsgf mjc6 j.docx (Modified File)
c:\windows\temp\59.wncryt (Created File)
Size 63.11 KB (64620 bytes)
Hash Values MD5: 1961e28a4c32795a61d27fc07e37b5d8
SHA1: ba771e48ab8f292b056a72a8bbe3f2804937065a
SHA256: dd52219c6850d462be8a9f1c61730f9fa69d21652d0a6379e955b20085bc524b
Actions
c:\programdata\qxtqusdnjzrizx418\@wanadecryptor@.exe.lnk, ...
-
File Properties
Names c:\programdata\qxtqusdnjzrizx418\@wanadecryptor@.exe.lnk (Created File)
c:\users\dssdpmx042\documents\z-zdwb\@wanadecryptor@.exe.lnk (Created File)
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\@wanadecryptor@.exe.lnk (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\@wanadecryptor@.exe.lnk (Created File)
c:\programdata\microsoft\user account pictures\@wanadecryptor@.exe.lnk (Created File)
c:\programdata\microsoft\user account pictures\default pictures\@wanadecryptor@.exe.lnk (Created File)
c:\programdata\microsoft\windows\caches\@wanadecryptor@.exe.lnk (Created File)
c:\programdata\microsoft\windows\ringtones\@wanadecryptor@.exe.lnk (Created File)
c:\programdata\microsoft\windows nt\msscan\@wanadecryptor@.exe.lnk (Created File)
Size 0.71 KB (722 bytes)
Hash Values MD5: c69be77ccaca2ede8ebdefea19f6d6c3
SHA1: d1c170e7e309646976cd3658fe76c1e4ac3c25c4
SHA256: 44cdc3b10641bf50ff9a233db4280af408981de0c05e926fe7d05da67bcac00f
Actions
c:\users\dssdpmx042\documents\z-zdwb\-nap.rtf.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\-nap.rtf.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\-nap.rtf.wncry (Created File)
Size 21.30 KB (21816 bytes)
Hash Values MD5: b36c35593d083ddf7547827347d39cc7
SHA1: 29e3b417a58ba7b7db80d7b84d40193556ee83a6
SHA256: 37ed672b145e1803050e200fbe860dd3d353b6d2f1dc2f65c1491fdc4229d89b
Actions
c:\users\dssdpmx042\documents\z-zdwb\-nap.rtf, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\-nap.rtf (Modified File)
c:\windows\temp\60.wncryt (Created File)
Size 21.03 KB (21536 bytes)
Hash Values MD5: cecdad5abb1b75d5db65b7ef7cd542a4
SHA1: f20dabaff1e8340e2233217a25d2918fee421686
SHA256: 323ce77226780d0fdc1186c796be6281c78df407b2eab568d9845af395609c89
Actions
c:\users\dssdpmx042\documents\z-zdwb\9o_u.pdf.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\9o_u.pdf.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\9o_u.pdf.wncry (Created File)
Size 75.29 KB (77096 bytes)
Hash Values MD5: 5d08529339630f24571c92fbd3992aae
SHA1: d63d5b57f7c272146f93235de01bbb9120cc5bcc
SHA256: 56fa98d85ec8de11310ee0ac61f380d8e810b7efc97835fae225070bca64d64d
Actions
c:\users\dssdpmx042\documents\z-zdwb\9o_u.pdf, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\9o_u.pdf (Modified File)
c:\windows\temp\61.wncryt (Created File)
Size 75.00 KB (76804 bytes)
Hash Values MD5: 21cafd01feabc0d58c709dfc6ef05d65
SHA1: b9e68d1187fb47a1d2f666c19394de4ab6f135ae
SHA256: 00f219d2d9d0cbdcff5a7ae7c0780913045250978295c1abda42240092418d7b
Actions
c:\users\dssdpmx042\documents\z-zdwb\k6fadynloup1zicvtg0o.xlsx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\k6fadynloup1zicvtg0o.xlsx.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\k6fadynloup1zicvtg0o.xlsx.wncry (Created File)
Size 3.24 KB (3320 bytes)
Hash Values MD5: 4126eb86b4b4ab771e49dc39a1e52993
SHA1: e36773b39e10c135859ca68e7dbfece5ac69454d
SHA256: 621d4801970f53e9cb9e3e6d3f724894cde1dc663a792dffd1f2ebba06592794
Actions
c:\users\dssdpmx042\documents\z-zdwb\k6fadynloup1zicvtg0o.xlsx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\k6fadynloup1zicvtg0o.xlsx (Modified File)
c:\windows\temp\62.wncryt (Created File)
Size 2.96 KB (3028 bytes)
Hash Values MD5: 4f104bbefefe0f7d0959c59860259086
SHA1: 79543c507b0539c690e8ac6586265b76dd5245bc
SHA256: 22a3c0b1e5d9f502796d86b9318e251159810826bea717265fbbb76ff9bdc39d
Actions
c:\users\dssdpmx042\documents\z-zdwb\p3k5i8nny2aq5c.pptx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\p3k5i8nny2aq5c.pptx.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\p3k5i8nny2aq5c.pptx.wncry (Created File)
Size 68.82 KB (70472 bytes)
Hash Values MD5: a1ab2a95f917a27cc8b15db1df7a81e1
SHA1: 843f05b790d04d2879219809db68d36dcd7545d9
SHA256: c55253706205be062f3c730f7f01fbed2c93d798485aec9ac5a62bc95d5575d8
Actions
c:\users\dssdpmx042\documents\z-zdwb\p3k5i8nny2aq5c.pptx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\p3k5i8nny2aq5c.pptx (Modified File)
c:\windows\temp\63.wncryt (Created File)
Size 68.54 KB (70185 bytes)
Hash Values MD5: 02b5650258010bdd049469c2aec4c616
SHA1: a377ec184c0185337e67e8555d378f97a89b26b5
SHA256: e91adf45cba76dbc14b1c03b5e8569749f8eda778464f169b42a141d8d7b5255
Actions
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\y5sy7wjt_a7krqnidgx.xlsx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\y5sy7wjt_a7krqnidgx.xlsx.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\y5sy7wjt_a7krqnidgx.xlsx.wncry (Created File)
Size 28.84 KB (29528 bytes)
Hash Values MD5: 94454b1b7bf4c60372cc32e2d31c9f74
SHA1: 4c06ba9f38010bfe538638ffb273c4de81348bb2
SHA256: 5a6e4363ec57b42b176109945c1458717c8b488441678f05bd809369592346bb
Actions
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\y5sy7wjt_a7krqnidgx.xlsx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\y5sy7wjt_a7krqnidgx.xlsx (Modified File)
c:\windows\temp\64.wncryt (Created File)
Size 28.56 KB (29241 bytes)
Hash Values MD5: e31b79f1593b60a4c127504e81d18720
SHA1: e9151dd6ace36881599ff4c38f3c52f2384a9adb
SHA256: 20d7f4312a6e0229b59b87002478ba748dbbbca610c443ea4f07fdb70d08d015
Actions
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\sbxkqajovxqwlt.csv.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\sbxkqajovxqwlt.csv.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\sbxkqajovxqwlt.csv.wncry (Created File)
Size 82.04 KB (84008 bytes)
Hash Values MD5: c9609ed1e598fb01eee1c160c9f10a65
SHA1: 2a88ef6e56f0c69bf8ae6c03a059bc87b9959d1d
SHA256: 301b811e145e995bca74c7787b3a087d2d44af6d7da66b1e4f8ba3313ebda2fa
Actions
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\sbxkqajovxqwlt.csv, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\sbxkqajovxqwlt.csv (Modified File)
c:\windows\temp\65.wncryt (Created File)
Size 81.76 KB (83722 bytes)
Hash Values MD5: 88d8778d2d81709d95857cb684c4f30f
SHA1: 5be079e4770322d83a41b04421843d001586f795
SHA256: 692a493c5db7fb547428159737e4dbec507848f6b30365dc3e0420ea4e338852
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\fxxfw-17sc6wh.ppt.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\fxxfw-17sc6wh.ppt.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\fxxfw-17sc6wh.ppt.wncry (Created File)
Size 8.04 KB (8232 bytes)
Hash Values MD5: cdf30bdf3217e0c9e605bd6483ff8902
SHA1: 2edecab56087c398016d317fe25ba84f5bfee01f
SHA256: 5a481db85d82f41131c451e45efbf6dc5ff888a982064075c4f55d1006f9d9c4
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\fxxfw-17sc6wh.ppt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\fxxfw-17sc6wh.ppt (Modified File)
c:\windows\temp\66.wncryt (Created File)
Size 7.76 KB (7949 bytes)
Hash Values MD5: 1634c2e3e1f0f12ba48862f15739c995
SHA1: 91d91a766456e80de1ba6d50cbc5ebd2fb29328d
SHA256: 7fd0d4790d94bad15341c13d302b89d05648e09e6c6d7441e6c4a8263b2043fd
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\vshy_qomhsb5w.ppt.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\vshy_qomhsb5w.ppt.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\vshy_qomhsb5w.ppt.wncry (Created File)
Size 28.60 KB (29288 bytes)
Hash Values MD5: e9b0677a2f33f32c854a4b364a06b18c
SHA1: 101b43668b4b11b2172bfa31ff935652dae67cbe
SHA256: 8877211f9341dd57e75219e70fa2949e598c21d6316602650b176c99be4188a6
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\vshy_qomhsb5w.ppt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\vshy_qomhsb5w.ppt (Modified File)
c:\windows\temp\67.wncryt (Created File)
Size 28.33 KB (29005 bytes)
Hash Values MD5: fed314c2b4198d796d7e2317404b29cb
SHA1: f5cc18350f508df5d2e1b8f5e7d12242b8c28415
SHA256: 146504c3064a5b012307ed3b8f901f8264d2a8c2f305558831e91719f7579faa
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\coafenjkmrn.xlsx.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\coafenjkmrn.xlsx.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\coafenjkmrn.xlsx.wncry (Created File)
Size 26.27 KB (26904 bytes)
Hash Values MD5: 9013b1403893ea3c5b380dde675f37f6
SHA1: 7e016c8d3d4a1335b850b72910ede986c55007c5
SHA256: cda8e3f3a8996426e9a7bf66dd38ee59cc60ed04e9e2d94d668c5727d975c8fe
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\coafenjkmrn.xlsx, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\coafenjkmrn.xlsx (Modified File)
c:\windows\temp\68.wncryt (Created File)
Size 25.99 KB (26614 bytes)
Hash Values MD5: a608c07a59222083c157a27f0a962404
SHA1: 8bf9fcdbac34aa3ded5da9b38a0166781e795eb1
SHA256: 6de1709099be145b3487b2cdce7f9b36859348f254ae6e5472b3e025475ad99d
Actions
c:\users\dssdpmx042\documents\kqu8ojbhlzr.odp.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\kqu8ojbhlzr.odp.wncryt (Created File)
c:\users\dssdpmx042\documents\kqu8ojbhlzr.odp.wncry (Created File)
Size 16.16 KB (16552 bytes)
Hash Values MD5: 30cf15b4006c78b30cbf5efad0620c18
SHA1: 04a88810214d2654d082d9ce45bb1b1eb0dded88
SHA256: 5fd9de346045aa87e2e5ecce3ddf0cd4b06cf961023fba2e63a1ded5e2d69693
Actions
c:\users\dssdpmx042\documents\kqu8ojbhlzr.odp, ...
-
File Properties
Names c:\users\dssdpmx042\documents\kqu8ojbhlzr.odp (Modified File)
c:\windows\temp\69.wncryt (Created File)
Size 15.88 KB (16263 bytes)
Hash Values MD5: 7429d8beea2e5bd4d92b5597a8c41ce5
SHA1: 1afe9f7ad4921912634d837e3b75988fa050c304
SHA256: bcf3983dd13c35cea09969e7a9124ee6e7d195c3b3ec7600802ae6328c8e2ba2
Actions
c:\users\dssdpmx042\documents\qracrespejeu3.ods.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\qracrespejeu3.ods.wncryt (Created File)
c:\users\dssdpmx042\documents\qracrespejeu3.ods.wncry (Created File)
Size 19.09 KB (19544 bytes)
Hash Values MD5: 04849e7cbf3e28646a3a630ff20c19f5
SHA1: ed7b5f67c43c6b352a59210359467166fbeedced
SHA256: 352f3efa0fab99d072e8ffe9c79d52ef704f06781f2cbbde2123f5dedc7c88f2
Actions
c:\users\dssdpmx042\documents\qracrespejeu3.ods, ...
-
File Properties
Names c:\users\dssdpmx042\documents\qracrespejeu3.ods (Modified File)
c:\windows\temp\70.wncryt (Created File)
Size 18.81 KB (19262 bytes)
Hash Values MD5: 547ca5530625363e26dc2bc8368d0d65
SHA1: 8a9b6982d29534390d6d96f123d4c35d2725e09b
SHA256: 1a4886a69fd54f03d9e04118f38538601a1075af9b157dd484136024bafc110f
Actions
c:\users\dssdpmx042\documents\z-zdwb\t9kbu.ots.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\t9kbu.ots.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\t9kbu.ots.wncry (Created File)
Size 49.66 KB (50856 bytes)
Hash Values MD5: bd394aaf945fe731ad07fd006cd5a741
SHA1: eb3bfc42bc690626258d7c8e2b638e6b30c5ae0f
SHA256: ba068020fc69c79f3881017f4a951e400d0ccbea40aa80843d1a08ea4d58229e
Actions
c:\users\dssdpmx042\documents\z-zdwb\t9kbu.ots, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\t9kbu.ots (Modified File)
c:\windows\temp\71.wncryt (Created File)
Size 49.38 KB (50566 bytes)
Hash Values MD5: af990fe4ddbb05bc09624b79c6102d82
SHA1: 7cb82f56c09174bbb2c9c608298322d8cd12e2c9
SHA256: 641be26af74046d03c0bc8d48ccdb597b23ea409697decee0ad6a5e35d202acf
Actions
c:\users\dssdpmx042\documents\z-zdwb\uigp.odp.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\uigp.odp.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\uigp.odp.wncry (Created File)
Size 68.85 KB (70504 bytes)
Hash Values MD5: 49241a64f8a60ed924d204656bf30ab1
SHA1: a152d4485edbaa6dc11cd5cb4b3d8f045f8960c8
SHA256: 34506055fc6fa8aed355b2c74f315e1239d8eba922b17470d60e8d55baf87dab
Actions
c:\users\dssdpmx042\documents\z-zdwb\uigp.odp, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\uigp.odp (Modified File)
c:\windows\temp\72.wncryt (Created File)
Size 68.57 KB (70220 bytes)
Hash Values MD5: e5ed54fe320e9208759ce43a34d8e570
SHA1: 9905d5596890f1d8257adaba3024b44baf25a81c
SHA256: d257efa99d365cb080f6da03317bbd223c39d748d25924aae2b54a8cb4cf2c8c
Actions
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\v3b5lpgbpfe06xmrqjo.ots.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\v3b5lpgbpfe06xmrqjo.ots.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\v3b5lpgbpfe06xmrqjo.ots.wncry (Created File)
Size 58.38 KB (59784 bytes)
Hash Values MD5: ef06df5561345f0bf62aeb829af0151e
SHA1: 154658f7d51c569379792a2cf56499ea95266564
SHA256: c11b6245b098ab35dd04ceabc1ce2ba226354b2fff36dbadc7a2dc930f5d5b14
Actions
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\v3b5lpgbpfe06xmrqjo.ots, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\v3b5lpgbpfe06xmrqjo.ots (Modified File)
c:\windows\temp\73.wncryt (Created File)
Size 58.10 KB (59495 bytes)
Hash Values MD5: ee0748217bd36b04a2bea33417496fc6
SHA1: 032f6d62b70ac8d70b0b93efe3f483b93c974e11
SHA256: d0e36a44f9710425e4f8c1f457ff1a577de0579081574f2b3b2d96ecadb60516
Actions
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\k_5vq4jhsw8guvo.odp.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\k_5vq4jhsw8guvo.odp.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\k_5vq4jhsw8guvo.odp.wncry (Created File)
Size 14.43 KB (14776 bytes)
Hash Values MD5: 1de2998c63db83fbafffb155b7d23c38
SHA1: 81c28a0a60a9b99b86d9efb8269f3722f712a9e6
SHA256: 8ee82eec2d098c4a95586e8d8dfcbcc8cff6fb30edbd822c9bf9b3e5ad4aa2c0
Actions
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\k_5vq4jhsw8guvo.odp, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\k_5vq4jhsw8guvo.odp (Modified File)
c:\windows\temp\74.wncryt (Created File)
Size 14.14 KB (14482 bytes)
Hash Values MD5: 82b28f4e4779c69a55d964556a04f659
SHA1: e25366e2cbdd6840fe9e91587cefd94bc156f183
SHA256: 9e511846b0c4ce12e0e58b9d9c5358df964c11f55f276e90b2a022522111c480
Actions
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\qbqa9 xzsel7xnah8.pps.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\qbqa9 xzsel7xnah8.pps.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\qbqa9 xzsel7xnah8.pps.wncry (Created File)
Size 44.40 KB (45464 bytes)
Hash Values MD5: 4f9debf4893c31632e03fa7b8cd0ea9b
SHA1: 09d56184652495495d309e340fae21e7f7f4fc35
SHA256: d60adf9bab0a3cb97be9fca2691b5be44a3a42b9c71d64b799bfc5cdca821114
Actions
c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\qbqa9 xzsel7xnah8.pps, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\j9gd3zhd03fzbccc\3e4ho\qbqa9 xzsel7xnah8.pps (Modified File)
c:\windows\temp\75.wncryt (Created File)
Size 44.11 KB (45172 bytes)
Hash Values MD5: 6fe5ed0d2262214db2479ddcec897911
SHA1: 042b3d9f3ec5d94f3bfcfd8a9e1699e0145da876
SHA256: cf88fbb309ccc71314120ac165cd4a4eea7749b42949fb21847fc2ee99339f9a
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\bzrtj.pps.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\bzrtj.pps.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\bzrtj.pps.wncry (Created File)
Size 63.88 KB (65416 bytes)
Hash Values MD5: b19c25689eb1cedf81066cb4e7ff2007
SHA1: 056ea99d697606dcf14271812ebdace73b802d86
SHA256: b964a3b7423a525c64a3313a0568c28c1e90d5c56b8450f752306965a5391dfe
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\bzrtj.pps, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\bzrtj.pps (Modified File)
c:\windows\temp\76.wncryt (Created File)
Size 63.60 KB (65126 bytes)
Hash Values MD5: 30ca436ffeff1050e7169a8fed2f8a5d
SHA1: abe460287c15eb7042cce9fc7a023d61c14b644a
SHA256: 20262c1e380a9527dc25b9f5c9fc256fb8059259826602ea8378d1e6dcf56d7e
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\lo4nczsaz.ots.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\lo4nczsaz.ots.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\lo4nczsaz.ots.wncry (Created File)
Size 19.18 KB (19640 bytes)
Hash Values MD5: c1ba7533e53884804b236c202a146889
SHA1: 784165e2e16a0a2ddb385f878bb912f37db4a14f
SHA256: 45db25bc5dafe3dc5de708c40217703db4c17d113faf07b3e46fae3886ba4ab2
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\lo4nczsaz.ots, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\lo4nczsaz.ots (Modified File)
c:\windows\temp\77.wncryt (Created File)
Size 18.91 KB (19360 bytes)
Hash Values MD5: fb330699a54a91917e2607c3d6d528f7
SHA1: 8f225246ff8df1a05730936d106dd8ca603b588e
SHA256: 80e222b0100c5167226c5a4b41be4893f1b8d403f85e447ea31600a164687165
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\nqa-xbh.odp.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\nqa-xbh.odp.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\nqa-xbh.odp.wncry (Created File)
Size 67.65 KB (69272 bytes)
Hash Values MD5: b6a4c95cd407d2d7e1cdc5bf143431eb
SHA1: bdda284edfbf226720160b5d601858116772458f
SHA256: bdd433d31a91ab13e3199f82d6236151581f79d149340b723291a79e7f68952f
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\nqa-xbh.odp, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\nqa-xbh.odp (Modified File)
c:\windows\temp\78.wncryt (Created File)
Size 67.37 KB (68985 bytes)
Hash Values MD5: 73d3e6b43301bdab25a6947987124022
SHA1: 7aa26643cd525e49b743ca61bbe224f36855c84f
SHA256: da110343e6a29f34262f176a005349d5767a138f1dad4586bbf845b9e8f79762
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\-nos.ods.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\-nos.ods.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\-nos.ods.wncry (Created File)
Size 12.15 KB (12440 bytes)
Hash Values MD5: de1eebba6db517c8c2e00458bb70c6eb
SHA1: 4716e9040f2064cba9fab79df88bcadeef8d6dda
SHA256: e87c3ebcbf000c18f3d70f87f386312bb1d359a313fff58fb35cede937300278
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\-nos.ods, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\-nos.ods (Modified File)
c:\windows\temp\79.wncryt (Created File)
Size 11.87 KB (12159 bytes)
Hash Values MD5: 19022e66119ee78b42eeb70bb670d888
SHA1: 6bf892bff1a709cd87a92229b8f542898238575e
SHA256: 67c35823a40183728fb4c205080319d35705595d1b89ba1901a77e0292d244fa
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\axtg6ai5-.ods.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\axtg6ai5-.ods.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\axtg6ai5-.ods.wncry (Created File)
Size 54.90 KB (56216 bytes)
Hash Values MD5: 43b32d1c133dbed7d30683370d7dbc72
SHA1: d963114687605dc39b368ccc9ba206be8a1cfe40
SHA256: 586f79a94a707311bf9e14295a22633095442f2518809494d28759f68864357d
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\axtg6ai5-.ods, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\axtg6ai5-.ods (Modified File)
c:\windows\temp\80.wncryt (Created File)
Size 54.61 KB (55924 bytes)
Hash Values MD5: b990512eaa65462c84bed7c7ef35cf3b
SHA1: 16bbeb534f459418780da6b1dbac6484368d9296
SHA256: e9938830ef1de39f9b76f0e050f8bd3318750cd949113a96ca5755a27cff82e9
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\qz1senichq4fy3oijrd.ots.wncryt, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\qz1senichq4fy3oijrd.ots.wncryt (Created File)
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\qz1senichq4fy3oijrd.ots.wncry (Created File)
Size 55.93 KB (57272 bytes)
Hash Values MD5: 384b745c7c6b8682e483461c44072c89
SHA1: a541e377fe124b9b349f63ac5fe9d16d3330331f
SHA256: 4c10122b8e894bed70bc0a3c724ed05c15b1c7c37859115905a7f4dad6838cf2
Actions
c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\qz1senichq4fy3oijrd.ots, ...
-
File Properties
Names c:\users\dssdpmx042\documents\z-zdwb\kfd49gef82k2wc1srgu\tedc-nspy xfvlw3\qz1senichq4fy3oijrd.ots (Modified File)
c:\windows\temp\81.wncryt (Created File)
Size 55.65 KB (56989 bytes)
Hash Values MD5: 1a0ab823d5d87c2e8c662f6aecab92f1
SHA1: 73a700721e289f6604081e4f6ada4570f8f380a4
SHA256: 5733b547d767c43ef6b0a3461c4ae6c70d83f010872a6b56af7423e9f7f26c19
Actions
c:\programdata\microsoft\windows nt\msscan\welcomescan.jpg.wncryt, ...
-
File Properties
Names c:\programdata\microsoft\windows nt\msscan\welcomescan.jpg.wncryt (Created File)
c:\users\all users\microsoft\windows nt\msscan\welcomescan.jpg.wncry (Created File)
Size 504.60 KB (516712 bytes)
Hash Values MD5: c2f490b449bd9a8562ef6f1a838e19f7
SHA1: b855e709f6902ce77930f0be50c94bb9b4cc545e
SHA256: 5a629693b7bb3548901e66c530011065488cf02c1afb3fc2cff88ef7eacf8056
Actions
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy". 



    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image