ba809c00...dd22

File (856)

»

Filename	Hash	Operations	Source
	-	Access, Read
C:\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access, Write
C:\$GetCurrent\SafeOS\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\$GetCurrent\SafeOS\GetCurrentRollback.ini	MD5: f2e2ef436477d54769694d7abac962f2 SHA1: 6da50f2c02fe728d98d2909195cd19672a413a8c SHA256: 5ce93fea86a35459e1750bc884a83f6a54d51cd9a4590f98c1044571147082d3 SSDeep: 24:BHm623MoVEeZ/+yR3oKJMCtrpWR3GYHvfcIgYOkTHvC36hoWOUzMGZPZmDC4RLbf:BrpuEM/LNJXpgG4xgQTAGZQLXiuQih ImpHash: None	Access, Read, Write	Modified File
C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: f2e2ef436477d54769694d7abac962f2 SHA1: 6da50f2c02fe728d98d2909195cd19672a413a8c SHA256: 5ce93fea86a35459e1750bc884a83f6a54d51cd9a4590f98c1044571147082d3 SSDeep: 24:BHm623MoVEeZ/+yR3oKJMCtrpWR3GYHvfcIgYOkTHvC36hoWOUzMGZPZmDC4RLbf:BrpuEM/LNJXpgG4xgQTAGZQLXiuQih ImpHash: None	Access	Dropped File
C:\$WINRE_BACKUP_PARTITION.MARKER	-	Access
C:\588bce7c90097ed212\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1025\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1025\eula.rtf	MD5: e71fba31c1bf3815c3d2e74252f5fecd SHA1: f07621112477c7e5aa5906e63e21202ba79e6361 SHA256: 26c17d5971c306b6cfda46b867d9e7862b34d4b85f5ddc9e919ca8bad4a6b1c8 SSDeep: 192:SnAq6UOgPy/ilBNLrVMVlgOxDkplgJ40p1dz3afFkg7ROX+:Sd/Ry/izqlgOtkpK4+dL4FPQu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1025\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: e71fba31c1bf3815c3d2e74252f5fecd SHA1: f07621112477c7e5aa5906e63e21202ba79e6361 SHA256: 26c17d5971c306b6cfda46b867d9e7862b34d4b85f5ddc9e919ca8bad4a6b1c8 SSDeep: 192:SnAq6UOgPy/ilBNLrVMVlgOxDkplgJ40p1dz3afFkg7ROX+:Sd/Ry/izqlgOtkpK4+dL4FPQu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1025\LocalizedData.xml	MD5: 00a9da326ebef67894086a16fded1c8d SHA1: ba943877681f96e697291a2da3b0eb9ba43473cb SHA256: 1a414b3f460aeb500b1197705ed1b0e3fff2a588e2ff3e48ee0eb2d332e6024d SSDeep: 1536:S3nT5sIRe5NJxKJ3MjcazuSAR8hvlHEZVtECrWOBm3glu:WxUN+h8l6Sg8plHEZYCib3gc ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1025\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 00a9da326ebef67894086a16fded1c8d SHA1: ba943877681f96e697291a2da3b0eb9ba43473cb SHA256: 1a414b3f460aeb500b1197705ed1b0e3fff2a588e2ff3e48ee0eb2d332e6024d SSDeep: 1536:S3nT5sIRe5NJxKJ3MjcazuSAR8hvlHEZVtECrWOBm3glu:WxUN+h8l6Sg8plHEZYCib3gc ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1028\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1028\eula.rtf	MD5: a5a1817c73f33b5caa3ebe381c008646 SHA1: 3fa57546191e5c58587eb64219c4e68279a3c9d1 SHA256: 19f2ff51265e651cbb90ba9a301102a4f5cfbe6eb897190777a5e0dcf5231a79 SSDeep: 96:/R8NRf8TTVKTu4LuTu4LrzZD41raZM4HbegdxqKZJQ1/FSMZJujgzc/MpD1JzIfC:/R4Rfm2NBZMjOfro2n6CAC ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1028\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: d8708a64981c11322cdddf4415b9ea80 SHA1: 0a44e8d7aa074a61a093087b5ee296293c4395af SHA256: b4d0e192fce854ec7b8efe5c295a552cfc8b89675abab6c7d4ac3d1dfaf3085d SSDeep: 192:Mnv2lDrRxaRd+rfs/ipJZPXPA1O0ITXKzZCS3GH+ROX+:ceDrRUyLsapPT0ITadJ3BQu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1028\LocalizedData.xml	MD5: 8b3793cefbb1650e2eb88f72538fd235 SHA1: c93599ac3cca4a49eed73146b45f261710ca1055 SHA256: 7d64803991e38ffb0d832b5ae391dd83caa76619336612751b1604fdf9005938 SSDeep: 384:4wCGbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPi9:tbCWYFrewYTJCN ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1028\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 6c7d17900eaa8edc063ebc3009647bb4 SHA1: bdb00967dcb0e409c7f250f4821374aabf546048 SHA256: b88721df976332827f8b32f20d7b3aba2c8233524660f864a0d3cfd83dc61b78 SSDeep: 1536:1FTVDuMU7uq7+R1r5DG9dEKXLhbySW0ZSi5XN+LXYu:1FTVDuGTRlFAdFXLNtZSYd+LXH ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1029\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1029\eula.rtf	MD5: 65d688fef10d3bd932e2feb3d99126ab SHA1: 79d5831d7d26f3606eca44b3033152489e55123c SHA256: e2ffbb6a3a6d1dc8f05f4844af674d36686889b7535aeb5d1b464963691ee522 SSDeep: 96:rbIlxGbPgAZAV46VT8xePFCSjvYr3uzFS43FPZ653/ppH+GOgQgk+:XImboOAqYgetCyArepFhC3RNROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1029\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 65d688fef10d3bd932e2feb3d99126ab SHA1: 79d5831d7d26f3606eca44b3033152489e55123c SHA256: e2ffbb6a3a6d1dc8f05f4844af674d36686889b7535aeb5d1b464963691ee522 SSDeep: 96:rbIlxGbPgAZAV46VT8xePFCSjvYr3uzFS43FPZ653/ppH+GOgQgk+:XImboOAqYgetCyArepFhC3RNROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1029\LocalizedData.xml	MD5: 62f4f968330105cc8e33f8cd03d53ae1 SHA1: c39f92e04f9b3d05cddb3495213ccdcb2a2639d6 SHA256: fc68d3339d03266bed9756fdd3edfd536d7e244de57ee8a0d28f72b7f90d0b46 SSDeep: 1536:Rmyw4GLTnR+q1P8BiQrEwH5bA1IlqDBbEFGQMWO5u:Rmyw4GL7RhP8BiMbANDxEFqWN ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1029\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 62f4f968330105cc8e33f8cd03d53ae1 SHA1: c39f92e04f9b3d05cddb3495213ccdcb2a2639d6 SHA256: fc68d3339d03266bed9756fdd3edfd536d7e244de57ee8a0d28f72b7f90d0b46 SSDeep: 1536:Rmyw4GLTnR+q1P8BiQrEwH5bA1IlqDBbEFGQMWO5u:Rmyw4GL7RhP8BiMbANDxEFqWN ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1030\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1030\eula.rtf	MD5: 10b1a712ec8383186e45c53b30eafc3f SHA1: 05d40482cdc3f90c6cd291faa4af6a4810447ac0 SHA256: a68a994b3c80a0bd15559d51af8806bbdedecdf873997bfd46469272668a82e3 SSDeep: 96:flfV80SfbDxiHFyN6Bs9yDSBNxLgJFs2RF+GOgQgk+:fxV80S5iHFyN6aCSNgE2RFROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1030\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 10b1a712ec8383186e45c53b30eafc3f SHA1: 05d40482cdc3f90c6cd291faa4af6a4810447ac0 SHA256: a68a994b3c80a0bd15559d51af8806bbdedecdf873997bfd46469272668a82e3 SSDeep: 96:flfV80SfbDxiHFyN6Bs9yDSBNxLgJFs2RF+GOgQgk+:fxV80S5iHFyN6aCSNgE2RFROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1030\LocalizedData.xml	MD5: 7c7cf8e31d649fca74133fad4824aeab SHA1: 78d60879a51af9cc5f6511220a49ed7ee184ac9e SHA256: aecced4206baf29d6ef2a5c719f10385f72a48c53e714d8918ea788fa37406c9 SSDeep: 1536:e3HcfO7Fv3YRH0L1Yk/Yp1L3hUw3+H5sS9vjO5cWDhEbfyRMGeHo1Au:e3cfiOUBr+1L3M7LehEmRM5od ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1030\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 7c7cf8e31d649fca74133fad4824aeab SHA1: 78d60879a51af9cc5f6511220a49ed7ee184ac9e SHA256: aecced4206baf29d6ef2a5c719f10385f72a48c53e714d8918ea788fa37406c9 SSDeep: 1536:e3HcfO7Fv3YRH0L1Yk/Yp1L3hUw3+H5sS9vjO5cWDhEbfyRMGeHo1Au:e3cfiOUBr+1L3M7LehEmRM5od ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1031\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1031\eula.rtf	MD5: 1f7186896613fef324026f57f6950d0e SHA1: a4e5ecfbd704c0b3f3380e561f33bec250a4b94c SHA256: 7c20e953014780240dbdae9ff3cea51e81d8d8afee996212947dee1c18a833bb SSDeep: 96:Z6lTglUjCwggyCAw4MYKegwDAHTRYKqd14m+GOgQgk+:Z6lT8wv8wUreTGKqxROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1031\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 1f7186896613fef324026f57f6950d0e SHA1: a4e5ecfbd704c0b3f3380e561f33bec250a4b94c SHA256: 7c20e953014780240dbdae9ff3cea51e81d8d8afee996212947dee1c18a833bb SSDeep: 96:Z6lTglUjCwggyCAw4MYKegwDAHTRYKqd14m+GOgQgk+:Z6lT8wv8wUreTGKqxROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1031\LocalizedData.xml	MD5: 28e3754e99af43da3dfbc73415f5860a SHA1: 1870298f94f8bf9f5c4f49ce56b56b42f0d1c662 SHA256: 2f874c4d17706f9fcdd936f327c9a0ac6f9fb42b20fc56f521ed43188dee4c1d SSDeep: 1536:qkflo+wBtMyTVMWLu0kz/k32SPaZdZpRSsAIIbqaaiEAMzcvMeMazhGb2bu:x9CBVkrYCZlWhalAjk7a9GL ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1031\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 28e3754e99af43da3dfbc73415f5860a SHA1: 1870298f94f8bf9f5c4f49ce56b56b42f0d1c662 SHA256: 2f874c4d17706f9fcdd936f327c9a0ac6f9fb42b20fc56f521ed43188dee4c1d SSDeep: 1536:qkflo+wBtMyTVMWLu0kz/k32SPaZdZpRSsAIIbqaaiEAMzcvMeMazhGb2bu:x9CBVkrYCZlWhalAjk7a9GL ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1032\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1032\eula.rtf	MD5: 9c1896b8993235b0b1952801bb102695 SHA1: e90b0cbd1a010e9b4122bf44fc25060974c9e03c SHA256: 325b5d5f2fc93ba4f900ef7505a37434f092ef763a2a186833eaf5ed61455d66 SSDeep: 192:9PeQGmpjP+0h2/0fpKZjxK6DeL00nJPL2gjniJUUt/Y+n7ROX+:RedmptQQSjxJeVnJPLvjniJUUt/Ye7Qu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1032\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 9c1896b8993235b0b1952801bb102695 SHA1: e90b0cbd1a010e9b4122bf44fc25060974c9e03c SHA256: 325b5d5f2fc93ba4f900ef7505a37434f092ef763a2a186833eaf5ed61455d66 SSDeep: 192:9PeQGmpjP+0h2/0fpKZjxK6DeL00nJPL2gjniJUUt/Y+n7ROX+:RedmptQQSjxJeVnJPLvjniJUUt/Ye7Qu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1032\LocalizedData.xml	MD5: 31adddacadff80014095a40bfde9200e SHA1: f0eb5a95f095aadee160a1e6f2b02f1e43b76833 SHA256: 6a5c1a02ad1ebd1057cf59549849d50f6cc8c5f711134a26691801eb4a2183ef SSDeep: 1536:N1U4r+VMtZCD/LnqORcoJCdw3WKdTwEH5iUKEDd48gG0wPgN6VugTnItca32u:N1U4aVv/LekYwLwEXKEdMyPHMN ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1032\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 31adddacadff80014095a40bfde9200e SHA1: f0eb5a95f095aadee160a1e6f2b02f1e43b76833 SHA256: 6a5c1a02ad1ebd1057cf59549849d50f6cc8c5f711134a26691801eb4a2183ef SSDeep: 1536:N1U4r+VMtZCD/LnqORcoJCdw3WKdTwEH5iUKEDd48gG0wPgN6VugTnItca32u:N1U4aVv/LekYwLwEXKEdMyPHMN ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1033\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1033\eula.rtf	MD5: bb049a2332627a67c68cbaa94664d311 SHA1: 6714424f1b9095d2df322dd6787566ed72d6164d SHA256: f9aa06e2f7d83392b4728a13acbf084ec8e8c2c79e3345f26cfee18312e2906c SSDeep: 96:BBQfmrVtpzXrj/K3kGKqZfdASw1kJQTdA3D+GOgQgk+:B0+tpzXrj/EtJfEhTiTROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1033\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: bb049a2332627a67c68cbaa94664d311 SHA1: 6714424f1b9095d2df322dd6787566ed72d6164d SHA256: f9aa06e2f7d83392b4728a13acbf084ec8e8c2c79e3345f26cfee18312e2906c SSDeep: 96:BBQfmrVtpzXrj/K3kGKqZfdASw1kJQTdA3D+GOgQgk+:B0+tpzXrj/EtJfEhTiTROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1033\LocalizedData.xml	MD5: 4926fd1c34db367ca0d16edf23f1d630 SHA1: 22686a53891a5a7b8d44a95278fbe020fcd74122 SHA256: a3345b651a7341fde51e00ef3d7111c5e30ab98b53487b5a0e51159c6550dff7 SSDeep: 1536:qYBIiO59p2f5/xoLwNxWzpkPmCghYpIV9AiFnN33Jnu:CPo7oLwNxCp6mbmsf30 ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1033\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 4926fd1c34db367ca0d16edf23f1d630 SHA1: 22686a53891a5a7b8d44a95278fbe020fcd74122 SHA256: a3345b651a7341fde51e00ef3d7111c5e30ab98b53487b5a0e51159c6550dff7 SSDeep: 1536:qYBIiO59p2f5/xoLwNxWzpkPmCghYpIV9AiFnN33Jnu:CPo7oLwNxCp6mbmsf30 ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1035\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1035\eula.rtf	MD5: e45e876c7b0154f6367ae9399efcb971 SHA1: 55430498e238bdf8d772207317c71b3fea104099 SHA256: a7c8053c571085d0bb3ab104fdba8d483541f1274b36ca54bef9bb4023c9f0b9 SSDeep: 96:5U8RqVbN/5izupfBYZC4EmmnkD0IQ4gR+GOgQgk+:5VqVRGut4mkwIQ4gRROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1035\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: e45e876c7b0154f6367ae9399efcb971 SHA1: 55430498e238bdf8d772207317c71b3fea104099 SHA256: a7c8053c571085d0bb3ab104fdba8d483541f1274b36ca54bef9bb4023c9f0b9 SSDeep: 96:5U8RqVbN/5izupfBYZC4EmmnkD0IQ4gR+GOgQgk+:5VqVRGut4mkwIQ4gRROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1035\LocalizedData.xml	MD5: 45668f8bbc685a4666c51249f19f3a88 SHA1: 76c5842cff9272e9efdfb683b4b169c5d375c9c1 SHA256: 1686eee9185cd84f1270b07e9280d792dadfbefb0d6875554c4d67ba0ea5821e SSDeep: 1536:WsSmdmqMD7G6aR1lL9t9+hzxdqVq4XFxh7TDk/P8KmUu:LJr8q6QlBt9+LdV41DXDk/Er ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1035\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 45668f8bbc685a4666c51249f19f3a88 SHA1: 76c5842cff9272e9efdfb683b4b169c5d375c9c1 SHA256: 1686eee9185cd84f1270b07e9280d792dadfbefb0d6875554c4d67ba0ea5821e SSDeep: 1536:WsSmdmqMD7G6aR1lL9t9+hzxdqVq4XFxh7TDk/P8KmUu:LJr8q6QlBt9+LdV41DXDk/Er ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1036\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1036\eula.rtf	MD5: 228441d568fa80ec7f1e48668dd4056f SHA1: 0a06f8c83d2edbf867e689107fd396452d4c499b SHA256: fde506d639bce34d68c7125f787caa4e98ae889284c252f982bd940455c91f1f SSDeep: 96:mKnCDxZA4i+vBLhkAGhybc80PEoX8Tf+yOPJVzFSTVxs+GOgQgk+:yN6+vz9Ghybc80soX8TfDOvoTVaROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1036\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 228441d568fa80ec7f1e48668dd4056f SHA1: 0a06f8c83d2edbf867e689107fd396452d4c499b SHA256: fde506d639bce34d68c7125f787caa4e98ae889284c252f982bd940455c91f1f SSDeep: 96:mKnCDxZA4i+vBLhkAGhybc80PEoX8Tf+yOPJVzFSTVxs+GOgQgk+:yN6+vz9Ghybc80soX8TfDOvoTVaROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1036\LocalizedData.xml	MD5: cadad9e4a9f76d3ae9c29c3343a96049 SHA1: c8352905cd1641fa10565e3a2556e12b46ba0e25 SHA256: b54f751e07646688428ceddbdacbf75a6cce38b094bd19f520e3099c249cb228 SSDeep: 1536:3R1IzrYEl/sUu2LfDU0Q/yn1VNmcp1GNxwC2DDjHNPtxpA+Ou:DI/M5QVmO1KXsHPB ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1036\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: cadad9e4a9f76d3ae9c29c3343a96049 SHA1: c8352905cd1641fa10565e3a2556e12b46ba0e25 SHA256: b54f751e07646688428ceddbdacbf75a6cce38b094bd19f520e3099c249cb228 SSDeep: 1536:3R1IzrYEl/sUu2LfDU0Q/yn1VNmcp1GNxwC2DDjHNPtxpA+Ou:DI/M5QVmO1KXsHPB ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1037\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1037\eula.rtf	MD5: 15eda2f35b151e1ee729b29ab64893a2 SHA1: 04a638862c12f7e79c718bf64e5171d23d7b734c SHA256: 9047c63c2424a04d11f9b6f04d5a007e458d18cefa432bb14521e944cb6bc715 SSDeep: 192:9uEbCfVn4EdKIrh4j5/YQ7WvAd719aXSVROX+:9uEbM1XMIrhW5AQWAd74eQu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1037\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 15eda2f35b151e1ee729b29ab64893a2 SHA1: 04a638862c12f7e79c718bf64e5171d23d7b734c SHA256: 9047c63c2424a04d11f9b6f04d5a007e458d18cefa432bb14521e944cb6bc715 SSDeep: 192:9uEbCfVn4EdKIrh4j5/YQ7WvAd719aXSVROX+:9uEbM1XMIrhW5AQWAd74eQu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1037\LocalizedData.xml	MD5: d9709a7d0266b7da6655581001418e72 SHA1: 50d6ed6abab5c03ee8bcae28e9f4c426921c39fb SHA256: 6d66dad2cb431dc5f28f4cf6750f54f3c8cbd97f9081117ad5b7913ca47489c3 SSDeep: 1536:WN+4WaF6mAOP+5cgkmB6qNxGzeJNhUHPPbnmIXAl20bwrkGu:WPWud+CgkmAIxGqJNWvTnmIw5t ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1037\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: d9709a7d0266b7da6655581001418e72 SHA1: 50d6ed6abab5c03ee8bcae28e9f4c426921c39fb SHA256: 6d66dad2cb431dc5f28f4cf6750f54f3c8cbd97f9081117ad5b7913ca47489c3 SSDeep: 1536:WN+4WaF6mAOP+5cgkmB6qNxGzeJNhUHPPbnmIXAl20bwrkGu:WPWud+CgkmAIxGqJNWvTnmIw5t ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1038\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1038\eula.rtf	MD5: c9ea13f2f3eca03d4e64596495e90d0f SHA1: e31226b7c670ac196c774d62128650bd480b52a3 SHA256: 55d432d84cf2870d42a07d650e5494bca7d3cb5f2b0e9fa7cda5e340ebf052a5 SSDeep: 96:XcbJS59FsPFJR8v3Rw7QZPA8LPTgYVWCnM/C8KjEM+GOgQgk+:sQ5wPFJR8JA8TJR0C8AEMROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1038\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: c9ea13f2f3eca03d4e64596495e90d0f SHA1: e31226b7c670ac196c774d62128650bd480b52a3 SHA256: 55d432d84cf2870d42a07d650e5494bca7d3cb5f2b0e9fa7cda5e340ebf052a5 SSDeep: 96:XcbJS59FsPFJR8v3Rw7QZPA8LPTgYVWCnM/C8KjEM+GOgQgk+:sQ5wPFJR8JA8TJR0C8AEMROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1038\LocalizedData.xml	MD5: 74fcaa0d45924b7b2d6891e6032e6297 SHA1: daa37a9e93d5a007c62de4644daec18da949773e SHA256: 4286dc49baf2c13fabdb331a676eaf6a7919b454807c7a0801f468888a431302 SSDeep: 1536:QKX1KLmpOiIENTkMVVvtPseki1i60FniO0mcFBZZKIIPu:j120OiIMTdseVI60HTcFBZfV ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1038\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 74fcaa0d45924b7b2d6891e6032e6297 SHA1: daa37a9e93d5a007c62de4644daec18da949773e SHA256: 4286dc49baf2c13fabdb331a676eaf6a7919b454807c7a0801f468888a431302 SSDeep: 1536:QKX1KLmpOiIENTkMVVvtPseki1i60FniO0mcFBZZKIIPu:j120OiIMTdseVI60HTcFBZfV ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1040\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1040\eula.rtf	MD5: 5d4b5160f0431ac275dd50c9a1a0823a SHA1: f4f61796bc8d6cf6fdc2a83cca6374803734ddbb SHA256: 80b6b67a242c72a9f28eb05182abcc8808b21078b9f1ef4089107f110dfc4205 SSDeep: 96:SuoD+ZpHY3BKf3jqakr8oIs4Um8CFKM51qvpQh9k+GOgQgk+:Sus+ZdY3BKbqaQ8onCFJ1qvpROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1040\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 5d4b5160f0431ac275dd50c9a1a0823a SHA1: f4f61796bc8d6cf6fdc2a83cca6374803734ddbb SHA256: 80b6b67a242c72a9f28eb05182abcc8808b21078b9f1ef4089107f110dfc4205 SSDeep: 96:SuoD+ZpHY3BKf3jqakr8oIs4Um8CFKM51qvpQh9k+GOgQgk+:Sus+ZdY3BKbqaQ8onCFJ1qvpROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1040\LocalizedData.xml	MD5: a6100a378ade933131dbf6d1a1ff27c7 SHA1: 7e7141f2fd8f1d0a7d22235b576e2ad2d0e23d31 SHA256: 97115af63133b14bae8453eee6fa73e7c100659ee1fd681913a2a31fcaf09a00 SSDeep: 1536:mWsUFJaReI1u31kKEWmxFafTtnz1rgeSMeGWlszu4TjBA29B80cF9sJjaWPu:DsUFJaTE3l1safTtzGeSMeGWlyTdbBeh ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1040\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: a6100a378ade933131dbf6d1a1ff27c7 SHA1: 7e7141f2fd8f1d0a7d22235b576e2ad2d0e23d31 SHA256: 97115af63133b14bae8453eee6fa73e7c100659ee1fd681913a2a31fcaf09a00 SSDeep: 1536:mWsUFJaReI1u31kKEWmxFafTtnz1rgeSMeGWlszu4TjBA29B80cF9sJjaWPu:DsUFJaTE3l1safTtzGeSMeGWlyTdbBeh ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1041\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1041\eula.rtf	MD5: 9071b55598c3da8b213108a89582800c SHA1: a8f7b7350c9fbf002edc110a4c1505966f489fb9 SHA256: 292533215a8104e88262f8e3cdcd20d54a49f136ab21e338ba325c990fff9877 SSDeep: 192:xqGmK6mas99KuT4Tktsk+DiTHJMAZX6tQJCtWrOPAj+V7/197MgVeROX+:xBmK6PggktemWAZXBrGWO/PMgVeQu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1041\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 9071b55598c3da8b213108a89582800c SHA1: a8f7b7350c9fbf002edc110a4c1505966f489fb9 SHA256: 292533215a8104e88262f8e3cdcd20d54a49f136ab21e338ba325c990fff9877 SSDeep: 192:xqGmK6mas99KuT4Tktsk+DiTHJMAZX6tQJCtWrOPAj+V7/197MgVeROX+:xBmK6PggktemWAZXBrGWO/PMgVeQu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1041\LocalizedData.xml	MD5: 4bc2de50cd9a407d5a6ecfead06fdbd9 SHA1: 23a97c930e7dbfbf3d45f8e4223cf9b6b8a51d33 SHA256: d6a924bf5c0e8fd375562e2ddc11611ea5c06b75a06ba0dee459fc177b93aa86 SSDeep: 1536:huLQG7NOStI5P5kHn/nu6THoEBQTyC/4dDELAnu:XGxOStIB5unnToLyC/4dDELAu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1041\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 4bc2de50cd9a407d5a6ecfead06fdbd9 SHA1: 23a97c930e7dbfbf3d45f8e4223cf9b6b8a51d33 SHA256: d6a924bf5c0e8fd375562e2ddc11611ea5c06b75a06ba0dee459fc177b93aa86 SSDeep: 1536:huLQG7NOStI5P5kHn/nu6THoEBQTyC/4dDELAnu:XGxOStIB5unnToLyC/4dDELAu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1042\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1042\eula.rtf	MD5: ef3768e05e62ec4a60a7aa3f479e4c54 SHA1: 9fa4b5bd0212e6b02094fad280aac9730d479f5c SHA256: 4bfbc5b981158811d4b22720c3dd29cbb9163de8ba235b002040814f0cceb497 SSDeep: 192:mDE1nPx2X47ebKYeG+HilaTM9q5LO0y5PNx7C+94tmV5a5syLuWJ8Os+YZ4aRUCm:mDE1nPQlbKYeXOR51x7VM51LulNXreQu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1042\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: ef3768e05e62ec4a60a7aa3f479e4c54 SHA1: 9fa4b5bd0212e6b02094fad280aac9730d479f5c SHA256: 4bfbc5b981158811d4b22720c3dd29cbb9163de8ba235b002040814f0cceb497 SSDeep: 192:mDE1nPx2X47ebKYeG+HilaTM9q5LO0y5PNx7C+94tmV5a5syLuWJ8Os+YZ4aRUCm:mDE1nPQlbKYeXOR51x7VM51LulNXreQu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1042\LocalizedData.xml	MD5: f972d03802322cc115bcdd90eddbca84 SHA1: c9950870b208fd44e6c19d65373735dd015d5e84 SHA256: 8d4b5f2472387242459b2e223fe0e1f08965613f5d0ad1b21978d4177b5e5b3b SSDeep: 768:nmcmq0brX9ROPQOMsPCk8O24uxU6HRYYezZCvVIckj7NE3cprLJ5vcSc5cbnzSmi:mlX9IPvMm7RMmxVC2ck3Ckrt5vsMP+4u ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1042\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: f972d03802322cc115bcdd90eddbca84 SHA1: c9950870b208fd44e6c19d65373735dd015d5e84 SHA256: 8d4b5f2472387242459b2e223fe0e1f08965613f5d0ad1b21978d4177b5e5b3b SSDeep: 768:nmcmq0brX9ROPQOMsPCk8O24uxU6HRYYezZCvVIckj7NE3cprLJ5vcSc5cbnzSmi:mlX9IPvMm7RMmxVC2ck3Ckrt5vsMP+4u ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1043\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1043\eula.rtf	MD5: 77a8e8c19ca368ce1fd109038de1d12b SHA1: 715d0935cf9b03cb46f2ac6f2939cc5dfc1fddc2 SHA256: 27b74e76ccbe7ac1a0a4607067825e962a92f552881392307636b2cbef2defd9 SSDeep: 96:4ENEVj8pYv/r92SVVZlFNJE2UaNyS+lh07WZZLS/+GOgQgk+:4XVYOzwaNV+Y7WPkROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1043\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 77a8e8c19ca368ce1fd109038de1d12b SHA1: 715d0935cf9b03cb46f2ac6f2939cc5dfc1fddc2 SHA256: 27b74e76ccbe7ac1a0a4607067825e962a92f552881392307636b2cbef2defd9 SSDeep: 96:4ENEVj8pYv/r92SVVZlFNJE2UaNyS+lh07WZZLS/+GOgQgk+:4XVYOzwaNV+Y7WPkROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1043\LocalizedData.xml	MD5: 01d13f1fcc0525139855b6862a366008 SHA1: a0404d40fae8ee4ef0665e4722f27965fe607b32 SHA256: fd57aed681966cacbb39f69a52ebdacad72ee48b075764b758ce7d273ccb63d2 SSDeep: 1536:DdBTAw8Ualp4c6OflRiDEkCLk95zGJ6pIViTziobC/4SXu:nAHl6ulRZkpGeIVfobvj ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1043\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 01d13f1fcc0525139855b6862a366008 SHA1: a0404d40fae8ee4ef0665e4722f27965fe607b32 SHA256: fd57aed681966cacbb39f69a52ebdacad72ee48b075764b758ce7d273ccb63d2 SSDeep: 1536:DdBTAw8Ualp4c6OflRiDEkCLk95zGJ6pIViTziobC/4SXu:nAHl6ulRZkpGeIVfobvj ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1044\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1044\eula.rtf	MD5: 431f7da698bfc2510d11badbdafd3c83 SHA1: 6d658dd512fd42d797b46ca8260e024adf1de63a SHA256: 6cc2e345e6f243926dae7e909f0c8141ccbaa7209f5998ea6160e76931706aac SSDeep: 96:ph0vR/a3FbJwME8/v2dTJOC+XHV0jfDZSnf5+GOgQgk+:gvR/cFzE8n2dVOVV0jfdkBROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1044\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 431f7da698bfc2510d11badbdafd3c83 SHA1: 6d658dd512fd42d797b46ca8260e024adf1de63a SHA256: 6cc2e345e6f243926dae7e909f0c8141ccbaa7209f5998ea6160e76931706aac SSDeep: 96:ph0vR/a3FbJwME8/v2dTJOC+XHV0jfDZSnf5+GOgQgk+:gvR/cFzE8n2dVOVV0jfdkBROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1044\LocalizedData.xml	MD5: 9a12d5e5513cf18df6b98ccfb5f3f65c SHA1: 95150d9ba823779d4734f37541b58f97e09ddf54 SHA256: 51ae76488c36367e8959a82012963893ff93c5adf4ce8052ff9b8ca6bd35ba40 SSDeep: 1536:+xjkMqt7y0MEUJHs5yskCuOzjKm1bir3FmLbiH4jxHmEUu:2kMSzMpkyshrPKRr3U3 ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1044\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 9a12d5e5513cf18df6b98ccfb5f3f65c SHA1: 95150d9ba823779d4734f37541b58f97e09ddf54 SHA256: 51ae76488c36367e8959a82012963893ff93c5adf4ce8052ff9b8ca6bd35ba40 SSDeep: 1536:+xjkMqt7y0MEUJHs5yskCuOzjKm1bir3FmLbiH4jxHmEUu:2kMSzMpkyshrPKRr3U3 ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1045\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1045\eula.rtf	MD5: 3c6d45509b37111589909a84299842cf SHA1: 600f41a2122e7da047131d6ad50d1f194a1cb823 SHA256: f2e14801aadb937d954f3b03099bdde3766fd2b85b1f65bd39ca269b96f7b96b SSDeep: 96:4RFVJHLmAMlvOQNkRsQsDDXGLTGNfjpNNe79Yhe1M+GOgQgk+:QzH6AMo6LLPGnGd3NWN1MROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1045\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 3c6d45509b37111589909a84299842cf SHA1: 600f41a2122e7da047131d6ad50d1f194a1cb823 SHA256: f2e14801aadb937d954f3b03099bdde3766fd2b85b1f65bd39ca269b96f7b96b SSDeep: 96:4RFVJHLmAMlvOQNkRsQsDDXGLTGNfjpNNe79Yhe1M+GOgQgk+:QzH6AMo6LLPGnGd3NWN1MROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1045\LocalizedData.xml	MD5: bb580612fa2cedce87f089a7bb3ae52a SHA1: 4083a580fa7284bad466ef888e66c2736709c2bb SHA256: 17e6194fa1f3017c5ac9d8c26270f18f584ebdd8793836ff1a31136ffa25ef23 SSDeep: 1536:wrQBRecm+u8b0UG2DcaKeyFgKgLRUewMci7DEu:wrSQcmyPG2U6gcTDz ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1045\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: bb580612fa2cedce87f089a7bb3ae52a SHA1: 4083a580fa7284bad466ef888e66c2736709c2bb SHA256: 17e6194fa1f3017c5ac9d8c26270f18f584ebdd8793836ff1a31136ffa25ef23 SSDeep: 1536:wrQBRecm+u8b0UG2DcaKeyFgKgLRUewMci7DEu:wrSQcmyPG2U6gcTDz ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1046\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1046\eula.rtf	MD5: b19ec19c907596802d425d608000edc8 SHA1: f8020b642e60792475b984105d1795a4e5195188 SHA256: 5373b4e967caeba532ccbe364634eb74d8d856ad2d54d2bc7900827b0376c0cd SSDeep: 96:mK66Xut71aCqVT80PN3g5+0hnCtDK1LRk19RUq+GOgQgk+:mK66XutwC0Q0VQ5+O8DK1LOROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1046\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: b19ec19c907596802d425d608000edc8 SHA1: f8020b642e60792475b984105d1795a4e5195188 SHA256: 5373b4e967caeba532ccbe364634eb74d8d856ad2d54d2bc7900827b0376c0cd SSDeep: 96:mK66Xut71aCqVT80PN3g5+0hnCtDK1LRk19RUq+GOgQgk+:mK66XutwC0Q0VQ5+O8DK1LOROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1046\LocalizedData.xml	MD5: 9177e7e63bab965ec8f11ae0546c2237 SHA1: a5db671b88186cbf29a81d4ddd62cf1a819453e1 SHA256: 0e1fcd23333df2e4d1203718c52c40228f454bb938eaca1b77bdc06951b84882 SSDeep: 1536:5riqdCQOd4Tk4AagsQ3mZjZuM+RJqi7WOrNPEM0g+ZDYdK70MgMjOu:5mqKyY4AAGjNRJj7WOrKVlZDYdK706 ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1046\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 9177e7e63bab965ec8f11ae0546c2237 SHA1: a5db671b88186cbf29a81d4ddd62cf1a819453e1 SHA256: 0e1fcd23333df2e4d1203718c52c40228f454bb938eaca1b77bdc06951b84882 SSDeep: 1536:5riqdCQOd4Tk4AagsQ3mZjZuM+RJqi7WOrNPEM0g+ZDYdK70MgMjOu:5mqKyY4AAGjNRJj7WOrKVlZDYdK706 ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1049\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1049\eula.rtf	MD5: 279edce389f80bb06f7ab6566b83bc1e SHA1: b45a8a0fd89f6ef5cc4b6e2734588f2a822fe843 SHA256: 261f3594ca1ca0e0dca93f0a9618f657467b3f181ee25b82eb6c0f95102b367e SSDeep: 1536:E0YIO4+GhNH6jd5DUs9Z8DQWnaHCAEHTdTtONqh7VXu:DYIO4hfajd5DUygQWCaHTdwNqhpe ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1049\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 279edce389f80bb06f7ab6566b83bc1e SHA1: b45a8a0fd89f6ef5cc4b6e2734588f2a822fe843 SHA256: 261f3594ca1ca0e0dca93f0a9618f657467b3f181ee25b82eb6c0f95102b367e SSDeep: 1536:E0YIO4+GhNH6jd5DUs9Z8DQWnaHCAEHTdTtONqh7VXu:DYIO4hfajd5DUygQWCaHTdwNqhpe ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1049\LocalizedData.xml	MD5: f70117d17a60cd23f96034f6b6a5b3e7 SHA1: b2953c605791d942bae993fbe5dbe85fe255f6e8 SHA256: 61c34bc2384dba6d99f447e7360a7d75d6f728729644aa2d50c9091ff5842d63 SSDeep: 1536:X/OTgoNxi6ozg7zmeEA8BvQxPqtCDeE7r0Ai9Qmn7XrF2wT0oSLlnQ0wQMjUK5Ju:vOU0x6zg7zmeEA8BvQcCDDr0AP+B2wUP ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1049\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: f70117d17a60cd23f96034f6b6a5b3e7 SHA1: b2953c605791d942bae993fbe5dbe85fe255f6e8 SHA256: 61c34bc2384dba6d99f447e7360a7d75d6f728729644aa2d50c9091ff5842d63 SSDeep: 1536:X/OTgoNxi6ozg7zmeEA8BvQxPqtCDeE7r0Ai9Qmn7XrF2wT0oSLlnQ0wQMjUK5Ju:vOU0x6zg7zmeEA8BvQcCDDr0AP+B2wUP ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1053\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1053\eula.rtf	MD5: 2189b35f0c04fb3a752712cbdae8aa94 SHA1: 89b0df6910466c31b4ebe9d256b96c51d592c566 SHA256: b82762b655f8484693ebef9b303b8819c2763dddf13c824ba53f431404f523a4 SSDeep: 96:k8LU1hxumdcLfCRg0/hcnOXPy423PEca9K+GOgQgk+:kl1hxACRg0Jcy23P5ROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1053\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 2189b35f0c04fb3a752712cbdae8aa94 SHA1: 89b0df6910466c31b4ebe9d256b96c51d592c566 SHA256: b82762b655f8484693ebef9b303b8819c2763dddf13c824ba53f431404f523a4 SSDeep: 96:k8LU1hxumdcLfCRg0/hcnOXPy423PEca9K+GOgQgk+:kl1hxACRg0Jcy23P5ROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1053\LocalizedData.xml	MD5: 598f80ab34cec675a16963e0e00fab3d SHA1: 1e73701c7b7e336b602ed47e6cee4d78cc91500a SHA256: 377e2c738a471d0d39cd5a6b38d829bf21becf6a093ea6afb96ec5c70652f868 SSDeep: 1536:vcxf0XS/5Y7cpRad9LePAidQdyFfEmaI59dyFXX2sbp9ZmiB0ru:v6cC/5eoRTAUQdyFf39dmfbxmiB0i ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1053\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 598f80ab34cec675a16963e0e00fab3d SHA1: 1e73701c7b7e336b602ed47e6cee4d78cc91500a SHA256: 377e2c738a471d0d39cd5a6b38d829bf21becf6a093ea6afb96ec5c70652f868 SSDeep: 1536:vcxf0XS/5Y7cpRad9LePAidQdyFfEmaI59dyFXX2sbp9ZmiB0ru:v6cC/5eoRTAUQdyFf39dmfbxmiB0i ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1055\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\1055\eula.rtf	MD5: 71599555207b1851e83afbfea66b66ab SHA1: 21edc9f6e9b5ac0e48da7796eb732283e6e34363 SHA256: e1ade12eb20e55cdcc9addf75a11fe527ccd5bb28c620ff07ad29fdded85930a SSDeep: 96:lnakdkuSSsTAvhPYM1q7Ka+iISZc9gdqSVEl0FTTpM0+GOgQgk+:k8PvhQwYKhFSKiF/pM0ROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1055\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 71599555207b1851e83afbfea66b66ab SHA1: 21edc9f6e9b5ac0e48da7796eb732283e6e34363 SHA256: e1ade12eb20e55cdcc9addf75a11fe527ccd5bb28c620ff07ad29fdded85930a SSDeep: 96:lnakdkuSSsTAvhPYM1q7Ka+iISZc9gdqSVEl0FTTpM0+GOgQgk+:k8PvhQwYKhFSKiF/pM0ROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\1055\LocalizedData.xml	MD5: b672769becdaccdf01886ec044026f45 SHA1: 331f932a938255ec81fe0274bd15c710c022442f SHA256: d32aca72c5b133852a36340a0e34213b3dee6155ec72c363f14b9da8216197d2 SSDeep: 1536:XFQ2SF+vzdj5ttGWp+PVd74Lt0MdCaItObcRgdXdz+k2QMofY7PhR19h4u:1Q2e+vJj5DGu+DaZdrRbMgdXfxw7PVrn ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\1055\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: b672769becdaccdf01886ec044026f45 SHA1: 331f932a938255ec81fe0274bd15c710c022442f SHA256: d32aca72c5b133852a36340a0e34213b3dee6155ec72c363f14b9da8216197d2 SSDeep: 1536:XFQ2SF+vzdj5ttGWp+PVd74Lt0MdCaItObcRgdXdz+k2QMofY7PhR19h4u:1Q2e+vJj5DGu+DaZdrRbMgdXfxw7PVrn ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\2052\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\2052\eula.rtf	MD5: d8ffdde0092facdee1cc8c8cc4a74819 SHA1: 907b2538a5168f7b304a25543a9f6fcbae2d231a SHA256: c95d1f19a10389db7f233a63e702fc9f3895e4afc3fdba74220df83ac4c54745 SSDeep: 192:Pi7r7JgFQINodjiZ2NYv2nXI1gtq+L+yXSXTROX+:Pi7rVuQjOZ2mv2nXIStmYSXTQu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\2052\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: d8ffdde0092facdee1cc8c8cc4a74819 SHA1: 907b2538a5168f7b304a25543a9f6fcbae2d231a SHA256: c95d1f19a10389db7f233a63e702fc9f3895e4afc3fdba74220df83ac4c54745 SSDeep: 192:Pi7r7JgFQINodjiZ2NYv2nXI1gtq+L+yXSXTROX+:Pi7rVuQjOZ2mv2nXIStmYSXTQu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\2052\LocalizedData.xml	MD5: 3d71c6e96cd2e57b000c895b0a075adc SHA1: 6ef67c8efdc4c11060e9cfc65dbbaad8ac3832a6 SHA256: d6a22f605a384c4eca34bbc94683d6f3af43e9da069e30f8345cb26ecdbb145d SSDeep: 1536:VAc4fmaDtHHFnec8vw3wRrt4BBP+S3FQ8acv4u:VAWaRFneLvw3a43P+0FI8 ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\2052\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 3d71c6e96cd2e57b000c895b0a075adc SHA1: 6ef67c8efdc4c11060e9cfc65dbbaad8ac3832a6 SHA256: d6a22f605a384c4eca34bbc94683d6f3af43e9da069e30f8345cb26ecdbb145d SSDeep: 1536:VAc4fmaDtHHFnec8vw3wRrt4BBP+S3FQ8acv4u:VAWaRFneLvw3a43P+0FI8 ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\2070\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\2070\eula.rtf	MD5: 675f71dd1925205bd03654ad42c85708 SHA1: a7fa5944f65e1b90869f903c45ea3455c9d4478e SHA256: 64847ab98e90076a34e8be304d2ee96f4aad7dfa2a0abfb58d8024b8e515d095 SSDeep: 96:aCgSlo1PgxSAyqlwgcjm8klcyRglZ+BRUp9eiVYqP/+GOgQgk+:a1b6cj6iyEIBiuWYqP/ROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\2070\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 675f71dd1925205bd03654ad42c85708 SHA1: a7fa5944f65e1b90869f903c45ea3455c9d4478e SHA256: 64847ab98e90076a34e8be304d2ee96f4aad7dfa2a0abfb58d8024b8e515d095 SSDeep: 96:aCgSlo1PgxSAyqlwgcjm8klcyRglZ+BRUp9eiVYqP/+GOgQgk+:a1b6cj6iyEIBiuWYqP/ROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\2070\LocalizedData.xml	MD5: d22514813bb0230de58edcfcbe7c3dec SHA1: 623c0b827f25b1e100f0ff5a42729b65cdaf9ffc SHA256: 0c3565b688e80c98161d613238b73a09ebd60fca54c6e9775e09265e9de683d5 SSDeep: 1536:0AJOvir4HLqrZqjJqK4vQCPjhlXvgpZbWd0pWvFv9b4XTu:0AEar4rOZqn4vXhtvgTbtpWvxta6 ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\2070\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: d22514813bb0230de58edcfcbe7c3dec SHA1: 623c0b827f25b1e100f0ff5a42729b65cdaf9ffc SHA256: 0c3565b688e80c98161d613238b73a09ebd60fca54c6e9775e09265e9de683d5 SSDeep: 1536:0AJOvir4HLqrZqjJqK4vQCPjhlXvgpZbWd0pWvFv9b4XTu:0AEar4rOZqn4vXhtvgTbtpWvxta6 ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\3076\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\3076\eula.rtf	MD5: 5daf20aef844f05b5433c387d17e71ee SHA1: 36d56d086277fa19d964dd7206896a7714c011f0 SHA256: 1fb2491b51edc9478bd125bfa3bde4c0b43ba1630a776d8889cebe3bf2419a39 SSDeep: 192:PX3kc+waFEHNabuFviiQsMONyf02p2XtsROX+:P0c0FEHcKbQsPC02pysQu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\3076\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 5daf20aef844f05b5433c387d17e71ee SHA1: 36d56d086277fa19d964dd7206896a7714c011f0 SHA256: 1fb2491b51edc9478bd125bfa3bde4c0b43ba1630a776d8889cebe3bf2419a39 SSDeep: 192:PX3kc+waFEHNabuFviiQsMONyf02p2XtsROX+:P0c0FEHcKbQsPC02pysQu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\3076\LocalizedData.xml	MD5: ac5dc5811ff3af7c8d0994d1ecf4b474 SHA1: a2befeab2c582e2c60867020cb86671fff273c2b SHA256: e50f13f4afa3dbfdc7ca268a94787001570c62c750e6de3ab1135d4074f067af SSDeep: 1536:bfjC7WH1kcFd+iiAV+4JtMTrUYRO0OR7Gv7z/Gmu:bGAkc+iiG+uArUYRO0V/i ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\3076\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: ac5dc5811ff3af7c8d0994d1ecf4b474 SHA1: a2befeab2c582e2c60867020cb86671fff273c2b SHA256: e50f13f4afa3dbfdc7ca268a94787001570c62c750e6de3ab1135d4074f067af SSDeep: 1536:bfjC7WH1kcFd+iiAV+4JtMTrUYRO0OR7Gv7z/Gmu:bGAkc+iiG+uArUYRO0V/i ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\3082\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\3082\eula.rtf	MD5: 96729a39c2c0aa723d12c58d700301c5 SHA1: 6ea3553fb7a7e30642767900a154bf76e0a9a72e SHA256: 4352b9715650ca4ace23b8f8f339cfc61f83d64c90677c1db591e6f428bfc752 SSDeep: 96:XRiOeQilUiydSfaR6PjPWkOkLETFdLDFQz+GOgQgk+:BbeV+3dbmbWkFwZd2zROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\3082\eula.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 96729a39c2c0aa723d12c58d700301c5 SHA1: 6ea3553fb7a7e30642767900a154bf76e0a9a72e SHA256: 4352b9715650ca4ace23b8f8f339cfc61f83d64c90677c1db591e6f428bfc752 SSDeep: 96:XRiOeQilUiydSfaR6PjPWkOkLETFdLDFQz+GOgQgk+:BbeV+3dbmbWkFwZd2zROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\3082\LocalizedData.xml	MD5: 0fe6408a42fc237582bc055b438d106d SHA1: 421c0199a7439da99e7ab841d6b35287df519e99 SHA256: 7206e794b67fb05d51294d932a6183dc161738e6a94b5680b18f97d5127580b4 SSDeep: 1536:uiDsk/Vlz6ZfhvE3leNsSJdg2hXZTnQd9KbNTUdWKy5yHeTjMgu:9lWXCle9nhXZ7QWbNTxKcs7 ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\3082\LocalizedData.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 0fe6408a42fc237582bc055b438d106d SHA1: 421c0199a7439da99e7ab841d6b35287df519e99 SHA256: 7206e794b67fb05d51294d932a6183dc161738e6a94b5680b18f97d5127580b4 SSDeep: 1536:uiDsk/Vlz6ZfhvE3leNsSJdg2hXZTnQd9KbNTUdWKy5yHeTjMgu:9lWXCle9nhXZ7QWbNTxKcs7 ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Client\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\Client\Parameterinfo.xml	MD5: e306d65736f39a3f28a91483e3f98e31 SHA1: 95b81ba8a9300ca18d494856e6e7618b07be84ff SHA256: 39eac957284ac93c9d62c173c0bfd5c4b2bf15fcea36ebc09cc9fddbf2ad2052 SSDeep: 3072:Y0Hhl9vZu94bkHdPWfB77mfDtqj+rk1iBXo8Z1smuDMwpODJUtBIUGJZ:Bj9vuVQfBGUJ1iS8YPDMwsNUMUGJZ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Client\Parameterinfo.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: e306d65736f39a3f28a91483e3f98e31 SHA1: 95b81ba8a9300ca18d494856e6e7618b07be84ff SHA256: 39eac957284ac93c9d62c173c0bfd5c4b2bf15fcea36ebc09cc9fddbf2ad2052 SSDeep: 3072:Y0Hhl9vZu94bkHdPWfB77mfDtqj+rk1iBXo8Z1smuDMwpODJUtBIUGJZ:Bj9vuVQfBGUJ1iS8YPDMwsNUMUGJZ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Client\UiInfo.xml	MD5: 41fac6441e282655a4734ade71e4f031 SHA1: e4ab1d97a606daf3ae5bdc709f01b56777dcbf5d SHA256: 0bb49e025a96536a2fbe2952711712c1dbcee92365134af8ed44693b77418732 SSDeep: 768:3GqXefCvvLIvPf5dD4iEoRGsf4o3h8WPmZKNWmBgq9SDei+16Du:PXFTI/51E9H6h8x2fgq9YKyu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Client\UiInfo.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 41fac6441e282655a4734ade71e4f031 SHA1: e4ab1d97a606daf3ae5bdc709f01b56777dcbf5d SHA256: 0bb49e025a96536a2fbe2952711712c1dbcee92365134af8ed44693b77418732 SSDeep: 768:3GqXefCvvLIvPf5dD4iEoRGsf4o3h8WPmZKNWmBgq9SDei+16Du:PXFTI/51E9H6h8x2fgq9YKyu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\DHtmlHeader.html	MD5: 079c0ae4ca228a1afa827d2fe1abcf7a SHA1: 764833c6053d140813cbcdeb953605ca21e6c1d2 SHA256: bdee7883c97e13b30906228c5ef2c1c1bfda1eb2fb6985872fcffcf765bcb155 SSDeep: 384:lnWY90J3JmKB+lyDmtSrTgwAGui5Cu13j1e/1EDN5nhcXwQu:RWsOJtutSompCup1e/1ERgRu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\DHtmlHeader.html.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 079c0ae4ca228a1afa827d2fe1abcf7a SHA1: 764833c6053d140813cbcdeb953605ca21e6c1d2 SHA256: bdee7883c97e13b30906228c5ef2c1c1bfda1eb2fb6985872fcffcf765bcb155 SSDeep: 384:lnWY90J3JmKB+lyDmtSrTgwAGui5Cu13j1e/1EDN5nhcXwQu:RWsOJtutSompCup1e/1ERgRu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\DisplayIcon.ico	MD5: 42928b77016f07a70e39b46760b5f97f SHA1: 800468d3c2263e75481919c9baa4204b6059954f SHA256: 51d6c9a317392917d514ee0c8d76a25e366c6a6f8d2de62e7b6c46d5b6829e54 SSDeep: 1536:srWY/JYzEGVzYrU8NVpL3qVhG844DkCouMALold/naRrNnFAEqxnEu:CW4GVzYYwVpbgP4sJI3K2E0z ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\DisplayIcon.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 42928b77016f07a70e39b46760b5f97f SHA1: 800468d3c2263e75481919c9baa4204b6059954f SHA256: 51d6c9a317392917d514ee0c8d76a25e366c6a6f8d2de62e7b6c46d5b6829e54 SSDeep: 1536:srWY/JYzEGVzYrU8NVpL3qVhG844DkCouMALold/naRrNnFAEqxnEu:CW4GVzYYwVpbgP4sJI3K2E0z ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Extended\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\Extended\Parameterinfo.xml	MD5: 656097096526547bbec65b612de25548 SHA1: 9af6743e475797ab7e2d5669535f66df8541bd39 SHA256: 5fd4b6344c8dffcf4a32372d805248748316947e3faf1ccaa07dd051c7598007 SSDeep: 1536:jA4r3Wa9EvuF71vnTCc0n1tmIp5c1A24tVXpX0yL9c15RIH6tZsZJ4Kr1u:jxhLnTqn1N9rXp0yq5KCZsn4F ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Extended\Parameterinfo.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 656097096526547bbec65b612de25548 SHA1: 9af6743e475797ab7e2d5669535f66df8541bd39 SHA256: 5fd4b6344c8dffcf4a32372d805248748316947e3faf1ccaa07dd051c7598007 SSDeep: 1536:jA4r3Wa9EvuF71vnTCc0n1tmIp5c1A24tVXpX0yL9c15RIH6tZsZJ4Kr1u:jxhLnTqn1N9rXp0yq5KCZsn4F ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Extended\UiInfo.xml	MD5: 521a886a027f0f3ef9e55d55a3b4a4c7 SHA1: d0cddcda871bee1ae1a9f16bfb1b066dbcc70757 SHA256: 9c8f44ed4adcfad21648166361011f0a71eaa8e03cad21a31652b734144ca4bb SSDeep: 768:sB/TocDLCG5gwbROfVwsNPyT4kdra08dYRL0uyG7Xh1hAXpMyP7u:MTocvxlO+sNKT4wra0vLMKymyP7u ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Extended\UiInfo.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 521a886a027f0f3ef9e55d55a3b4a4c7 SHA1: d0cddcda871bee1ae1a9f16bfb1b066dbcc70757 SHA256: 9c8f44ed4adcfad21648166361011f0a71eaa8e03cad21a31652b734144ca4bb SSDeep: 768:sB/TocDLCG5gwbROfVwsNPyT4kdra08dYRL0uyG7Xh1hAXpMyP7u:MTocvxlO+sNKT4wra0vLMKymyP7u ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\588bce7c90097ed212\Graphics\Print.ico	MD5: 34359995d20da6505a0f7ee7da671203 SHA1: 6b590b888fc7dbdfc7e782790b71680bc210493c SHA256: c5c08a4f7c889bf04d5358dac5f8811403be2ee00fc33649c791682d62eef210 SSDeep: 48:5DAZUNp6tlZ+NfqQL60x3BDt93zbOK4ybAFpD/pgG4xgQTAGZQLXiuQih:5etPxQlx3D9u5ybAzD/+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Print.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 34359995d20da6505a0f7ee7da671203 SHA1: 6b590b888fc7dbdfc7e782790b71680bc210493c SHA256: c5c08a4f7c889bf04d5358dac5f8811403be2ee00fc33649c791682d62eef210 SSDeep: 48:5DAZUNp6tlZ+NfqQL60x3BDt93zbOK4ybAFpD/pgG4xgQTAGZQLXiuQih:5etPxQlx3D9u5ybAzD/+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\Rotate1.ico	MD5: 73d0e4493eed91b966db046d8d468128 SHA1: acb077d8f496fe9564764b31afaba51eb57e6f4e SHA256: e6384c5e4abb7d0dddc9d0f7525f940164525511bbb569990c3a02561a434b32 SSDeep: 48:AkW2nhkhJFdzbN2IpgG4xgQTAGZQLXiuQih:hWphJFdzII+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Rotate1.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 73d0e4493eed91b966db046d8d468128 SHA1: acb077d8f496fe9564764b31afaba51eb57e6f4e SHA256: e6384c5e4abb7d0dddc9d0f7525f940164525511bbb569990c3a02561a434b32 SSDeep: 48:AkW2nhkhJFdzbN2IpgG4xgQTAGZQLXiuQih:hWphJFdzII+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\Rotate2.ico	MD5: d6fdbcf00ae086dc2a616c9712b95d50 SHA1: 5219055adc60a3a501098d22ef0e6424f1821c00 SHA256: b1c82c4e9ecb4bfa168ba17b700213bd65007ac325668d32017e6387fad54c61 SSDeep: 48:A9ZxGcuNpjeGK5gavOHpgG4xgQTAGZQLXiuQih:wZxGcu3jF8gCOH+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Rotate2.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: d6fdbcf00ae086dc2a616c9712b95d50 SHA1: 5219055adc60a3a501098d22ef0e6424f1821c00 SHA256: b1c82c4e9ecb4bfa168ba17b700213bd65007ac325668d32017e6387fad54c61 SSDeep: 48:A9ZxGcuNpjeGK5gavOHpgG4xgQTAGZQLXiuQih:wZxGcu3jF8gCOH+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\Rotate3.ico	MD5: 341e4635dcdc7afe0eb8abbb0f509bda SHA1: b27418a95f59281fba0106a25158f653414d1dd4 SHA256: fa4077c075745d064acc36cf3e853ec3b543847be61db939a84704e573fdf5b6 SSDeep: 48:AKH0CxlT5wqF/X2R0VK7KcmV8PlopgG4xgQTAGZQLXiuQih:DFF/X2WK7Kcmt+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Rotate3.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 341e4635dcdc7afe0eb8abbb0f509bda SHA1: b27418a95f59281fba0106a25158f653414d1dd4 SHA256: fa4077c075745d064acc36cf3e853ec3b543847be61db939a84704e573fdf5b6 SSDeep: 48:AKH0CxlT5wqF/X2R0VK7KcmV8PlopgG4xgQTAGZQLXiuQih:DFF/X2WK7Kcmt+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\Rotate4.ico	MD5: b68e115f8a92b2264c0ba711c9fa3402 SHA1: e4bca3d597602e5002d2f25e8a1606cd6db98701 SHA256: 1c3f1884c04cc0e1703487c439f4112850096d7f8df9d095f2de2b1b1432f463 SSDeep: 48:AbtYWw4zLz+Fv4Xil/hrMpgG4xgQTAGZQLXiuQih:8/ghM+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Rotate4.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: b68e115f8a92b2264c0ba711c9fa3402 SHA1: e4bca3d597602e5002d2f25e8a1606cd6db98701 SHA256: 1c3f1884c04cc0e1703487c439f4112850096d7f8df9d095f2de2b1b1432f463 SSDeep: 48:AbtYWw4zLz+Fv4Xil/hrMpgG4xgQTAGZQLXiuQih:8/ghM+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\Rotate5.ico	MD5: 2ee5fce684ae661c3e23ba0c93d2c0bc SHA1: dbf8784e3262d86a36da7396955e7425f5e9fc80 SHA256: 98b7cc3434a830bfb5039914e43dd4c27d2c914aaf770ba8d8ffbb6fa9399a1b SSDeep: 48:A7O7TFR2PiHsl02Wm/b4MRpFpgG4xgQTAGZQLXiuQih:EO7TFRkDlV/blpF+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Rotate5.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 2ee5fce684ae661c3e23ba0c93d2c0bc SHA1: dbf8784e3262d86a36da7396955e7425f5e9fc80 SHA256: 98b7cc3434a830bfb5039914e43dd4c27d2c914aaf770ba8d8ffbb6fa9399a1b SSDeep: 48:A7O7TFR2PiHsl02Wm/b4MRpFpgG4xgQTAGZQLXiuQih:EO7TFRkDlV/blpF+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\Rotate6.ico	MD5: 49e278395fc66fd8e2c9d97d5c47b3ad SHA1: eacbffe9e84e9aa5e04c2ae1044e3bb63ff0e3ff SHA256: 11a9e0c5e22aa7ea6b5dd621acb56c49182838ebef19722c7aea42a3057365c2 SSDeep: 48:APd9eeb3g+1liIWoMsQ9Af23a5ocZpgG4xgQTAGZQLXiuQih:m95TP1lbusGA+7cZ+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Rotate6.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 49e278395fc66fd8e2c9d97d5c47b3ad SHA1: eacbffe9e84e9aa5e04c2ae1044e3bb63ff0e3ff SHA256: 11a9e0c5e22aa7ea6b5dd621acb56c49182838ebef19722c7aea42a3057365c2 SSDeep: 48:APd9eeb3g+1liIWoMsQ9Af23a5ocZpgG4xgQTAGZQLXiuQih:m95TP1lbusGA+7cZ+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\Rotate7.ico	MD5: 468f9128446c242c4379dc5b5f658f29 SHA1: 56bc1cf7e6fd395eeba71a5fc6cca634831325be SHA256: 4c457c2b63636e81adf7b70e893bf96431693c4e49f73f9fff25c0345b512b67 SSDeep: 48:AT+mTEn7Vgd7bwLkufFmXzpgG4xgQTAGZQLXiuQih:nxY0oqmz+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Rotate7.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 468f9128446c242c4379dc5b5f658f29 SHA1: 56bc1cf7e6fd395eeba71a5fc6cca634831325be SHA256: 4c457c2b63636e81adf7b70e893bf96431693c4e49f73f9fff25c0345b512b67 SSDeep: 48:AT+mTEn7Vgd7bwLkufFmXzpgG4xgQTAGZQLXiuQih:nxY0oqmz+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\Rotate8.ico	MD5: c6018be32ed8642ad93c9d50ed64dde2 SHA1: 6d3126d3b05eaa5ffa6227de54d35976c0117e5c SHA256: 7b1da6287cbf91533b517dbeb5a6364daee785521b7687ebc66d8c8994aed265 SSDeep: 48:AWj1SGOIL2v8N9d21OpgG4xgQTAGZQLXiuQih:vqEN9d2A+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Rotate8.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: c6018be32ed8642ad93c9d50ed64dde2 SHA1: 6d3126d3b05eaa5ffa6227de54d35976c0117e5c SHA256: 7b1da6287cbf91533b517dbeb5a6364daee785521b7687ebc66d8c8994aed265 SSDeep: 48:AWj1SGOIL2v8N9d21OpgG4xgQTAGZQLXiuQih:vqEN9d2A+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\Save.ico	MD5: 571d12ecc8acdab5c53f6491fb0ef5e4 SHA1: 718544ee173ac3e68f43b8d159aa76e66eabc6ff SHA256: d5d605d0297ad3186ce6dcf5bfa3d75e3df0c06dcc06c8f650e0b2d4d062da0f SSDeep: 48:E7DlsyQ40rgHgpItPw2hJ8sgP4Jz5FMkpgG4xgQTAGZQLXiuQih:agHrHF2hrm4+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Save.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 571d12ecc8acdab5c53f6491fb0ef5e4 SHA1: 718544ee173ac3e68f43b8d159aa76e66eabc6ff SHA256: d5d605d0297ad3186ce6dcf5bfa3d75e3df0c06dcc06c8f650e0b2d4d062da0f SSDeep: 48:E7DlsyQ40rgHgpItPw2hJ8sgP4Jz5FMkpgG4xgQTAGZQLXiuQih:agHrHF2hrm4+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\Setup.ico	MD5: 5bf5f64cb7fe048baf24235364f1e4cc SHA1: 43391ae3c3125071da7cc018de55aa8b1e8ba769 SHA256: 7d60b65c4f97bbe3270862e2b2c2aff5b492e0eecfb7a099aa9f9219d305f2ed SSDeep: 768:k1MivIis5MmYYIC2dlyfKdaRhJpRY0cTjXFKwF1HZVey6l9sbm6wDB5qRu:k1ZvEVHIC6fdaTJpG0cTjfVeKADzEu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\Setup.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 5bf5f64cb7fe048baf24235364f1e4cc SHA1: 43391ae3c3125071da7cc018de55aa8b1e8ba769 SHA256: 7d60b65c4f97bbe3270862e2b2c2aff5b492e0eecfb7a099aa9f9219d305f2ed SSDeep: 768:k1MivIis5MmYYIC2dlyfKdaRhJpRY0cTjXFKwF1HZVey6l9sbm6wDB5qRu:k1ZvEVHIC6fdaTJpG0cTjfVeKADzEu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\stop.ico	MD5: 9bbde0494a7a68b8f54183d61eb3cace SHA1: 91fcdd1b3da4bea9dd4ee7b7a7f5f58b57530b65 SHA256: 364af33c6cf42b890f5fc41d4149a05e0c3a849b26e81c01fc6e02e90c3e0138 SSDeep: 192:n8Hj3+/4Sj1qdQJyEUlZO/umHCqB+L/vUjTVtBf6+IFLQTggNX1XtjTabu+amROu:n8Hj3+/NjOEUPeBQLHU3VtBSTinhWQu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\stop.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 9bbde0494a7a68b8f54183d61eb3cace SHA1: 91fcdd1b3da4bea9dd4ee7b7a7f5f58b57530b65 SHA256: 364af33c6cf42b890f5fc41d4149a05e0c3a849b26e81c01fc6e02e90c3e0138 SSDeep: 192:n8Hj3+/4Sj1qdQJyEUlZO/umHCqB+L/vUjTVtBf6+IFLQTggNX1XtjTabu+amROu:n8Hj3+/NjOEUPeBQLHU3VtBSTinhWQu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\SysReqMet.ico	MD5: 99f918ada121cbdc9ae680f8e5d3f5be SHA1: 51c29e2257e980af8762744ca603750d8630febf SHA256: c391a8b1acb517cef4ec1aa333dcdca89802d50a1763d1f5c079b590a8235a4e SSDeep: 48:lggzHGm0EhbrtaQmuSM6n+jYbfePpgG4xgQTAGZQLXiuQih:zThdaqzK+VP+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\SysReqMet.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 99f918ada121cbdc9ae680f8e5d3f5be SHA1: 51c29e2257e980af8762744ca603750d8630febf SHA256: c391a8b1acb517cef4ec1aa333dcdca89802d50a1763d1f5c079b590a8235a4e SSDeep: 48:lggzHGm0EhbrtaQmuSM6n+jYbfePpgG4xgQTAGZQLXiuQih:zThdaqzK+VP+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico	MD5: 3e828d81bd5d5b5effaf9a24e1d4c118 SHA1: 6b58ec8c9f52f02abd844682d8a9dd25f7e5317f SHA256: ae71f04ab9a629a8226636a2f9f5d0ba7dd0cde765e53886f59f1597ad3d37b1 SSDeep: 48:MShC9v/RrRVMHp6a68SFXFB6Y8dypgG4xgQTAGZQLXiuQih:Ml9vbVaHfSFFBydy+GOgQgk+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 3e828d81bd5d5b5effaf9a24e1d4c118 SHA1: 6b58ec8c9f52f02abd844682d8a9dd25f7e5317f SHA256: ae71f04ab9a629a8226636a2f9f5d0ba7dd0cde765e53886f59f1597ad3d37b1 SSDeep: 48:MShC9v/RrRVMHp6a68SFXFB6Y8dypgG4xgQTAGZQLXiuQih:Ml9vbVaHfSFFBydy+GOgQgk+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Graphics\warn.ico	MD5: f8d06eb57b4555d180cff559168412d5 SHA1: 5d9c2e07ded94636b3315e46ac9d9ebddf061ff2 SHA256: f0742d6a0d1787117a7eeb3dfbf05ce78b2339dd590e395eb7d1ff30a72e4689 SSDeep: 192:gFaN+aqDEQob1M/geGwYxBdPBELLUvf5Z7HdUdzZ8H+I31e/qROX+:gFaBpb2M/dFdidzdIQCQu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Graphics\warn.ico.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: f8d06eb57b4555d180cff559168412d5 SHA1: 5d9c2e07ded94636b3315e46ac9d9ebddf061ff2 SHA256: f0742d6a0d1787117a7eeb3dfbf05ce78b2339dd590e395eb7d1ff30a72e4689 SSDeep: 192:gFaN+aqDEQob1M/geGwYxBdPBELLUvf5Z7HdUdzZ8H+I31e/qROX+:gFaBpb2M/dFdidzdIQCQu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\header.bmp	MD5: 5c723559e96aef78a693f433f1b6686f SHA1: 16b630688f7aa6ece7d2849590ab59f8c6229f59 SHA256: c857c837efaac0e8d3590b3c07545ea36fdcaaefd0f3592e4d59332b0dd20fbb SSDeep: 96:yqLBohbI8hMqHH6YkFcoB6yoaoqEMR5XUBlNpSxNOu+GOgQgk+:yqqhbI8hvHoPdoqZ3XccROX+ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\header.bmp.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 5c723559e96aef78a693f433f1b6686f SHA1: 16b630688f7aa6ece7d2849590ab59f8c6229f59 SHA256: c857c837efaac0e8d3590b3c07545ea36fdcaaefd0f3592e4d59332b0dd20fbb SSDeep: 96:yqLBohbI8hMqHH6YkFcoB6yoaoqEMR5XUBlNpSxNOu+GOgQgk+:yqqhbI8hvHoPdoqZ3XccROX+ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\netfx_Core.mzz	MD5: cbe34befba85e6cf1c7e6b101c7f93a7 SHA1: 040962125c722940ba6ad45c320e523d41198715 SHA256: fc17786500498273c55dc6893afeeff7f6d25729857256f88982d32e2ac604ac SSDeep: 196608:98V04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:9l4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\netfx_Core.mzz.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: cbe34befba85e6cf1c7e6b101c7f93a7 SHA1: 040962125c722940ba6ad45c320e523d41198715 SHA256: fc17786500498273c55dc6893afeeff7f6d25729857256f88982d32e2ac604ac SSDeep: 196608:98V04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:9l4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\netfx_Core_x64.msi	MD5: 48224ea59b9642a881ff26c1bf751bf8 SHA1: ddc5016dde81b225dff7e6e7cb9ef0e37a44f009 SHA256: 954a73b0466274f74214ae2da05fc43932fe9e841ece24d9e3ccb4422746fc50 SSDeep: 24576:VbA1WOc0c+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0l:gcxisfQf2M6FGoMLg ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\netfx_Core_x64.msi.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 48224ea59b9642a881ff26c1bf751bf8 SHA1: ddc5016dde81b225dff7e6e7cb9ef0e37a44f009 SHA256: 954a73b0466274f74214ae2da05fc43932fe9e841ece24d9e3ccb4422746fc50 SSDeep: 24576:VbA1WOc0c+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0l:gcxisfQf2M6FGoMLg ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\netfx_Core_x86.msi	MD5: 3f82ae61fe9632ecbbb3c13aabf8591b SHA1: cae5cad8f05e00fa04055ce96e3b27460112d45f SHA256: 5a870542a4d71f162526ce9bea2e4d16cf560d746b83f5bb2588bdf27e36f6b0 SSDeep: 12288:tFCQWAA6jO19ACqPL4+hCZ+VkjabDTnxTR8QFqwSOTcnu9ikfdt6TJ6PuX3BdB1:tFCQe196PL4YwabPx9bswH/fd6pxr1 ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\netfx_Core_x86.msi.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 3f82ae61fe9632ecbbb3c13aabf8591b SHA1: cae5cad8f05e00fa04055ce96e3b27460112d45f SHA256: 5a870542a4d71f162526ce9bea2e4d16cf560d746b83f5bb2588bdf27e36f6b0 SSDeep: 12288:tFCQWAA6jO19ACqPL4+hCZ+VkjabDTnxTR8QFqwSOTcnu9ikfdt6TJ6PuX3BdB1:tFCQe196PL4YwabPx9bswH/fd6pxr1 ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\netfx_Extended.mzz	MD5: 5630fc8e772c2b375cdb5fad2bd1ecb9 SHA1: 4bceb5f175b78cac39cea252fdcf48751a26c9fd SHA256: 59ef5e9508570a30684a6a479a9808a0680fa9fcf5678f2fc1bfdc8e036815e8 SSDeep: 49152:mMmCAJcpSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0ZwR:XJAktZKH2mALErq2nt7rvfI+vZpfQ ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\netfx_Extended.mzz.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 5630fc8e772c2b375cdb5fad2bd1ecb9 SHA1: 4bceb5f175b78cac39cea252fdcf48751a26c9fd SHA256: 59ef5e9508570a30684a6a479a9808a0680fa9fcf5678f2fc1bfdc8e036815e8 SSDeep: 49152:mMmCAJcpSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0ZwR:XJAktZKH2mALErq2nt7rvfI+vZpfQ ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\netfx_Extended_x64.msi	MD5: 57ab968b26a3a8d43c3c4676a2ae176c SHA1: 9466b67df5426fe4466dce7888d7d84153b3ac19 SHA256: 2d4e4d3cf40b539070f65204752df55107d3e0c495ca65886948441f0caf8646 SSDeep: 24576:0EHnk7Akl3aOvQucqGRpOQSpKiPBD6txBkkkkk5SVL:bnkMkl3Bbc4Fc216XmSN ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\netfx_Extended_x64.msi.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 57ab968b26a3a8d43c3c4676a2ae176c SHA1: 9466b67df5426fe4466dce7888d7d84153b3ac19 SHA256: 2d4e4d3cf40b539070f65204752df55107d3e0c495ca65886948441f0caf8646 SSDeep: 24576:0EHnk7Akl3aOvQucqGRpOQSpKiPBD6txBkkkkk5SVL:bnkMkl3Bbc4Fc216XmSN ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\netfx_Extended_x86.msi	MD5: 834088bf6a10c0cd34f93f8f17d18a14 SHA1: a89cde93fb025d8e4e68c53e3caf9f799a9dcc82 SHA256: 81e31991a0f38caf26cac621b5f918685b75b4ea78b464d185b7900768182c7c SSDeep: 6144:DSkLLVBM7u4r298vjBvVK5h+Ek50/cHafPbl3JJFTSJwjZSBVv+lYjsm6FBQ0ssL:GAM/r2YBdKf+EVbfP53LvZ+VhjErt ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\netfx_Extended_x86.msi.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 834088bf6a10c0cd34f93f8f17d18a14 SHA1: a89cde93fb025d8e4e68c53e3caf9f799a9dcc82 SHA256: 81e31991a0f38caf26cac621b5f918685b75b4ea78b464d185b7900768182c7c SSDeep: 6144:DSkLLVBM7u4r298vjBvVK5h+Ek50/cHafPbl3JJFTSJwjZSBVv+lYjsm6FBQ0ssL:GAM/r2YBdKf+EVbfP53LvZ+VhjErt ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\ParameterInfo.xml	MD5: 5baa4cc615ae1ee93be261c201f7e9aa SHA1: 0c9d4aec17a94ce84d75b719262485a80567016c SHA256: ec9bc6a2db6690a9a1aace2e182e43af24cc096480b2ef3cfbd6ebdfbe653add SSDeep: 6144:Ll8HRpzGOXZ2Xv/ZmTJnXXt4R0DXhaa+Su0Xidgc+s+B/:LyHRpzGqZmJmJX9A0bhaTvf+B ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\ParameterInfo.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 5baa4cc615ae1ee93be261c201f7e9aa SHA1: 0c9d4aec17a94ce84d75b719262485a80567016c SHA256: ec9bc6a2db6690a9a1aace2e182e43af24cc096480b2ef3cfbd6ebdfbe653add SSDeep: 6144:Ll8HRpzGOXZ2Xv/ZmTJnXXt4R0DXhaa+Su0Xidgc+s+B/:LyHRpzGqZmJmJX9A0bhaTvf+B ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\RGB9RAST_x64.msi	MD5: 76c5bfbb16f21d92619ca30aab99c664 SHA1: d8a7dbab89d5ec439281eadd2ea04b4441677e8f SHA256: cfb022fa14363353c72a6733cf3acfc9a0ef92013400501dbe5aaf068e850bac SSDeep: 3072:WCc35epDmtrT6sukbN1I1a8fc8JWQO5+kOdg79PSj6j18E2LQ0IA:Lnlm52mBeaSJWQOcilSjPEoIA ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\RGB9RAST_x64.msi.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 76c5bfbb16f21d92619ca30aab99c664 SHA1: d8a7dbab89d5ec439281eadd2ea04b4441677e8f SHA256: cfb022fa14363353c72a6733cf3acfc9a0ef92013400501dbe5aaf068e850bac SSDeep: 3072:WCc35epDmtrT6sukbN1I1a8fc8JWQO5+kOdg79PSj6j18E2LQ0IA:Lnlm52mBeaSJWQOcilSjPEoIA ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\RGB9Rast_x86.msi	MD5: 200958225faf90dca7cec0df16398030 SHA1: 3ce1f273cb1d6157757e9223e792a297e940d42c SHA256: 98d9ca88715cf8bb9673c2181fe58038dd3e3573486c693e05fc87ff858d680b SSDeep: 1536:yOWJ4q6hZR7E6uYgVAnUgCYX+BOfk59Lhi9cXqUxO5f9iaDpuvlS/7VgsQAVY6Su:yOW+XhZEYlUgCYX+Bt3kWqYAfU6pUUBD ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\RGB9Rast_x86.msi.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 200958225faf90dca7cec0df16398030 SHA1: 3ce1f273cb1d6157757e9223e792a297e940d42c SHA256: 98d9ca88715cf8bb9673c2181fe58038dd3e3573486c693e05fc87ff858d680b SSDeep: 1536:yOWJ4q6hZR7E6uYgVAnUgCYX+BOfk59Lhi9cXqUxO5f9iaDpuvlS/7VgsQAVY6Su:yOW+XhZEYlUgCYX+Bt3kWqYAfU6pUUBD ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\SetupUi.xsd	MD5: b771bb534d811d7983cb3262e62803c6 SHA1: e68d0d28bba9cf305c08d23be61a92657442fd07 SHA256: 39f5be9f82c8f736bfde6458859b422b745e74f2112c29c906df8879279d57af SSDeep: 768:EnPmeZbEMTUt3vw1J9K2Gli4xVms6ywcHJUdau:EPmeiM0OJ9K5tLRHtu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\SetupUi.xsd.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: b771bb534d811d7983cb3262e62803c6 SHA1: e68d0d28bba9cf305c08d23be61a92657442fd07 SHA256: 39f5be9f82c8f736bfde6458859b422b745e74f2112c29c906df8879279d57af SSDeep: 768:EnPmeZbEMTUt3vw1J9K2Gli4xVms6ywcHJUdau:EPmeiM0OJ9K5tLRHtu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\SplashScreen.bmp	MD5: a6667d5a74281adb42990974197b4a13 SHA1: 7c6240d272ef72663b85067bc4a15997739afc09 SHA256: fa7263217f0c645d8dca6dddf6ac8e361f0a152fbaab6ed6165c3b4438d73d40 SSDeep: 768:TSEEApiU5WdXn9OTSo6ZuRF9mwIJzwjDmVDIfNyOtu:diU5rTSojLmr5wvm1IfNfu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\SplashScreen.bmp.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: a6667d5a74281adb42990974197b4a13 SHA1: 7c6240d272ef72663b85067bc4a15997739afc09 SHA256: fa7263217f0c645d8dca6dddf6ac8e361f0a152fbaab6ed6165c3b4438d73d40 SSDeep: 768:TSEEApiU5WdXn9OTSo6ZuRF9mwIJzwjDmVDIfNyOtu:diU5rTSojLmr5wvm1IfNfu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Strings.xml	MD5: 0047ce90d7ca239d6f8cad7f00b08eb9 SHA1: a166cebb0d39059f6f5a34d6e7f7064eeeca073e SHA256: 20cd0fb8eedbf866f0ef01d44d5253c4cff18ecae61f55d7b6e96d9c01279817 SSDeep: 384:x6kd6q9bljrCT0KOkIxLkz8AiHayPQqHaPE+lYZ6W7Qu:j9bVCTEBkzziHayN2EkY4Wsu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Strings.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 0047ce90d7ca239d6f8cad7f00b08eb9 SHA1: a166cebb0d39059f6f5a34d6e7f7064eeeca073e SHA256: 20cd0fb8eedbf866f0ef01d44d5253c4cff18ecae61f55d7b6e96d9c01279817 SSDeep: 384:x6kd6q9bljrCT0KOkIxLkz8AiHayPQqHaPE+lYZ6W7Qu:j9bVCTEBkzziHayN2EkY4Wsu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\UiInfo.xml	MD5: 41fca72a73d6022e42752739dceff52d SHA1: fac77a74d7b82ed8ce0f1688c2908b0149208053 SHA256: 6ea07e85414666ede3982c6e12a4d44f240b67e50e56b8419c77160435c225c0 SSDeep: 768:T+WWzOVdMazHz2bgn8hB9my4mZqEy3AqzoIMMFYJMBbL2bcu:gmMyzn8r9j4TAfMF26ygu ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\UiInfo.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 41fca72a73d6022e42752739dceff52d SHA1: fac77a74d7b82ed8ce0f1688c2908b0149208053 SHA256: 6ea07e85414666ede3982c6e12a4d44f240b67e50e56b8419c77160435c225c0 SSDeep: 768:T+WWzOVdMazHz2bgn8hB9my4mZqEy3AqzoIMMFYJMBbL2bcu:gmMyzn8r9j4TAfMF26ygu ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\watermark.bmp	MD5: f2dd1f563644d2a788b546461084cc7f SHA1: 68114a8bab7c1ff1a0b80d04a46f7356fb2f2718 SHA256: acf4ae44d8e18afeb523b9c7c104c7dba6e2fd7cef8d29424a757fbae66385ed SSDeep: 3072:gu6wQJ7zgIrswElhhsPUbJP1/nt4olSHY0:GZR8csth+MbnV4YSHY0 ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\watermark.bmp.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: f2dd1f563644d2a788b546461084cc7f SHA1: 68114a8bab7c1ff1a0b80d04a46f7356fb2f2718 SHA256: acf4ae44d8e18afeb523b9c7c104c7dba6e2fd7cef8d29424a757fbae66385ed SSDeep: 3072:gu6wQJ7zgIrswElhhsPUbJP1/nt4olSHY0:GZR8csth+MbnV4YSHY0 ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu	MD5: 7eabef10631ee931f2e051eb1434711f SHA1: 5a6b17f9318213c8974ed73f60d45a1b333be775 SHA256: bb3adbc71cc9c32875b42d20cfbe0f72cc67b70a9dbc86a2f062e94051721953 SSDeep: 98304:JeQpOfvuEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlj:ktX3ZBkOK2Knq45mY4H5OMKkKzlj ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 7eabef10631ee931f2e051eb1434711f SHA1: 5a6b17f9318213c8974ed73f60d45a1b333be775 SHA256: bb3adbc71cc9c32875b42d20cfbe0f72cc67b70a9dbc86a2f062e94051721953 SSDeep: 98304:JeQpOfvuEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlj:ktX3ZBkOK2Knq45mY4H5OMKkKzlj ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu	MD5: 403fd3f0e759bf39df1aec04fcf6a091 SHA1: 7909c9cd0fd89f4aff81d729fb589ce3d30983fc SHA256: aa08c01acdc3f3c4719c5fb77a0a9821bccbf72fbd8aa8d73fd1bd3fd66abd29 SSDeep: 49152:Gn6NyxV4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0e1:Z6V4YakTo1PAdXZzKUYxs3pKZnKxfe1 ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 403fd3f0e759bf39df1aec04fcf6a091 SHA1: 7909c9cd0fd89f4aff81d729fb589ce3d30983fc SHA256: aa08c01acdc3f3c4719c5fb77a0a9821bccbf72fbd8aa8d73fd1bd3fd66abd29 SSDeep: 49152:Gn6NyxV4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0e1:Z6V4YakTo1PAdXZzKUYxs3pKZnKxfe1 ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu	MD5: 1fd088e04a86b81b2beb792ec560e9a1 SHA1: 22821524fe3e4020186638083f431e330a193dac SHA256: 816abf38209d853f9f74824fb5f2d9c84155f6e80259fb8b0105933250b545be SSDeep: 98304:qBpWf0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCs:d7BBHTK8KXZ4UuY1kB1iKFKmt ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 1fd088e04a86b81b2beb792ec560e9a1 SHA1: 22821524fe3e4020186638083f431e330a193dac SHA256: 816abf38209d853f9f74824fb5f2d9c84155f6e80259fb8b0105933250b545be SSDeep: 98304:qBpWf0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCs:d7BBHTK8KXZ4UuY1kB1iKFKmt ImpHash: None	Access	Dropped File
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu	MD5: 72816e0d75e13c38705f6320dbb8bfa9 SHA1: fb4b3165b399388a02c0a2c1e74f73729e140ac7 SHA256: 968d04a0f930f6fbd51ffcba193164e890cfaae6c78a152360a4c43f191f96c1 SSDeep: 49152:V0qfQFZtrJ6EeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNw:uqGrJneDGnRau84KUYcs31KfFKzdNw ImpHash: None	Access, Read, Write	Modified File
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 72816e0d75e13c38705f6320dbb8bfa9 SHA1: fb4b3165b399388a02c0a2c1e74f73729e140ac7 SHA256: 968d04a0f930f6fbd51ffcba193164e890cfaae6c78a152360a4c43f191f96c1 SSDeep: 49152:V0qfQFZtrJ6EeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNw:uqGrJneDGnRau84KUYcs31KfFKzdNw ImpHash: None	Access	Dropped File
C:\bootmgr	-	Access
C:\BOOTNXT	-	Access, Read, Write
C:\BOOTNXT.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: aae6d896813b7ba7f0dfb910226608d7 SHA1: 093e4d3f5345402b2311829e7fccf4a77958048e SHA256: 5ef72713d7991b7b8ccbfe12a0fb3749f7ea56b106a1188b759fdd048c6a3ee3 SSDeep: 24:r44zEqh6CtrpWR3GYHvfcIgYOkTHvC36hoWOUzMGZPZmDC4RLbi90SdEG2Wk7l:r4cLZpgG4xgQTAGZQLXiuQih ImpHash: None	Access	Dropped File
C:\Logs\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\Logs\Application.evtx	MD5: 891795488f0d8c947eb72292a369db07 SHA1: affa47008f478ccc15c1204e9ab74ad93090ad57 SHA256: f63489f6d54a86cecce5f379cea9fd7992b873a10a25c78166c69b45103b8e8b SSDeep: 1536:G+2A+U+YAivYwsDFw4MK+bxkMhK+Tq58xf0JAu2u:r2AqYrWWHK+1Y+Tq58xf09 ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Application.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 891795488f0d8c947eb72292a369db07 SHA1: affa47008f478ccc15c1204e9ab74ad93090ad57 SHA256: f63489f6d54a86cecce5f379cea9fd7992b873a10a25c78166c69b45103b8e8b SSDeep: 1536:G+2A+U+YAivYwsDFw4MK+bxkMhK+Tq58xf0JAu2u:r2AqYrWWHK+1Y+Tq58xf09 ImpHash: None	Access	Dropped File
C:\Logs\HardwareEvents.evtx	MD5: 2ee084c48fa2a28cb9464069f37cdbb7 SHA1: d115cbc5e88dd63621adcbebbdbc680765c6799b SHA256: e15f7086edb577f2671e1f020a52d56cc7d878b357bbaabe3e782de0ea94ab30 SSDeep: 3:MgAWl1lH/1EY+qfaltpRTtPl2tVRl/l:Mkf7NijRM ImpHash: None	Access, Read, Write	Modified File
C:\Logs\HardwareEvents.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: bb0857c6c294b4f535fa0ea636cd8aee SHA1: 0222525d43edea8f1fa3efe6bf5006af82fe1bbf SHA256: 82428a75322a49078be667b7f215b9c27d82753bd4fabb6567db96a8dda0129c SSDeep: 1536:hez2V9Y4uO9ma1UWWo3kKZLfC6s85xCDktpWhpPQqUojh2ixdUHsZu:h8+5X9xZN3zBA8FjWhDUixdUHsQ ImpHash: None	Access	Dropped File
C:\Logs\Internet Explorer.evtx	MD5: 2ee084c48fa2a28cb9464069f37cdbb7 SHA1: d115cbc5e88dd63621adcbebbdbc680765c6799b SHA256: e15f7086edb577f2671e1f020a52d56cc7d878b357bbaabe3e782de0ea94ab30 SSDeep: 3:MgAWl1lH/1EY+qfaltpRTtPl2tVRl/l:Mkf7NijRM ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Internet Explorer.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 08ff9067212262863041d8150f6cf31e SHA1: 4fdf97fc157eb9fa659d13cfafde967e5bf0e8a4 SHA256: dd28861b166fd918ff453e9a0f0502f364142beaa1d325372bc3df40b4512f40 SSDeep: 1536:vXo1c3GxP8yZdO72abFQGu6Dme1EymmVP7KfYObixyPyUZ3FqyGu:vn2xOKsFQGu6Dme1PmkPgZ2YPyUZVxt ImpHash: None	Access	Dropped File
C:\Logs\Key Management Service.evtx	MD5: 2ee084c48fa2a28cb9464069f37cdbb7 SHA1: d115cbc5e88dd63621adcbebbdbc680765c6799b SHA256: e15f7086edb577f2671e1f020a52d56cc7d878b357bbaabe3e782de0ea94ab30 SSDeep: 3:MgAWl1lH/1EY+qfaltpRTtPl2tVRl/l:Mkf7NijRM ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Key Management Service.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 0b19ae87ca423d8676f2b9188f28f46b SHA1: 604e4cbb9805c63c6dd1154cef901deaa5c04bef SHA256: 90416553f362b7fabfc763f002ba1bc11b3d775b61a9d8a514bb580fa980f6ca SSDeep: 1536:3iFjQ6JmNAyzaaamhAc+jAQHCjQTAMnR27sWDXu:USNARa7AvjA0nTOsW6 ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx	MD5: aacc5f1f6922fa4fab4f449f1a0b39d1 SHA1: 3ba4377e665c33981f5b83cd40b2a804a94e3d88 SHA256: cfcc6623b46714a48b6758331a716ef8c15188e8099860669a96a1953724fc35 SSDeep: 1536:4SoYeytDSIkXpM0DrCBf2HHY0r1mwZjMBZE4y3Xydu:/oYeyteJSw2f6YXw9MZw3XyE ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: aacc5f1f6922fa4fab4f449f1a0b39d1 SHA1: 3ba4377e665c33981f5b83cd40b2a804a94e3d88 SHA256: cfcc6623b46714a48b6758331a716ef8c15188e8099860669a96a1953724fc35 SSDeep: 1536:4SoYeytDSIkXpM0DrCBf2HHY0r1mwZjMBZE4y3Xydu:/oYeyteJSw2f6YXw9MZw3XyE ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx	MD5: 2ee084c48fa2a28cb9464069f37cdbb7 SHA1: d115cbc5e88dd63621adcbebbdbc680765c6799b SHA256: e15f7086edb577f2671e1f020a52d56cc7d878b357bbaabe3e782de0ea94ab30 SSDeep: 3:MgAWl1lH/1EY+qfaltpRTtPl2tVRl/l:Mkf7NijRM ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 6b51e0714f43d2962572768b60c8eefa SHA1: cb55057eb2e425c98593f100df820e7dee626d73 SHA256: 4739cbdf21af6def81d00c04f579fc6ee2eff2859a6e8e96420bad6fa4a0c099 SSDeep: 1536:ZCAnXym6x49pIJEFY2khLqWQ2XOJF9wRNHzuqlo4ymjJH7PSV30SmmheRFOm7kSh:ZCoXs494ANk99XOJFpwoFg7PSVkSm9w8 ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx	MD5: 08f0f8926d5d9599b13e423876bb795d SHA1: 6c5a5183ad56e99ab1bac24cf6a63f2698f2ded5 SHA256: 847d4bc500c50caff24ef81c7948afb12eb05d0af08fb1435da422b379143dd9 SSDeep: 3072:3vNtWKLqq6cIAKa5LVvWctygawrztr31Wou37v8tTbceInF9bGhqq1ALnXi/YHPk:7v+q7puoyf6t7K37AbceIn3G4qWlG3 ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 08f0f8926d5d9599b13e423876bb795d SHA1: 6c5a5183ad56e99ab1bac24cf6a63f2698f2ded5 SHA256: 847d4bc500c50caff24ef81c7948afb12eb05d0af08fb1435da422b379143dd9 SSDeep: 3072:3vNtWKLqq6cIAKa5LVvWctygawrztr31Wou37v8tTbceInF9bGhqq1ALnXi/YHPk:7v+q7puoyf6t7K37AbceIn3G4qWlG3 ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx	MD5: 2ee084c48fa2a28cb9464069f37cdbb7 SHA1: d115cbc5e88dd63621adcbebbdbc680765c6799b SHA256: e15f7086edb577f2671e1f020a52d56cc7d878b357bbaabe3e782de0ea94ab30 SSDeep: 3:MgAWl1lH/1EY+qfaltpRTtPl2tVRl/l:Mkf7NijRM ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: c48d7e38fb5ea82d4bebebee90a8839d SHA1: d11e67d6422ed205380f6ffd28577e24f34dcf6d SHA256: a2a111316b72807ae9821e7aee06698fcf294557a6f50ecb59f9460d6931b6f2 SSDeep: 1536:5d0vH9xzzFaripg2zpi+KKwNhhAWlk25VkBI23KcVyco0itu:fUHHzRariG2zpi3KwN/lk9IG1VcU ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx	MD5: 8478004645e0f13998f7661eb8f98287 SHA1: cba6910d8202172b8c74c08cee49ba8b3a120ccc SHA256: e3fcce478c001250b096678910009628c71441d07e4aa644b8c92d766be7c85d SSDeep: 1536:rcDWnNn7fe9eEG1ieCMf5fQ/FyWMmzeaAG/qLQ6UToQN7u:rcWN7fe9eEGXLmMmzudQ6UT1y ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 8478004645e0f13998f7661eb8f98287 SHA1: cba6910d8202172b8c74c08cee49ba8b3a120ccc SHA256: e3fcce478c001250b096678910009628c71441d07e4aa644b8c92d766be7c85d SSDeep: 1536:rcDWnNn7fe9eEG1ieCMf5fQ/FyWMmzeaAG/qLQ6UToQN7u:rcWN7fe9eEGXLmMmzudQ6UT1y ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx	MD5: 2ee084c48fa2a28cb9464069f37cdbb7 SHA1: d115cbc5e88dd63621adcbebbdbc680765c6799b SHA256: e15f7086edb577f2671e1f020a52d56cc7d878b357bbaabe3e782de0ea94ab30 SSDeep: 3:MgAWl1lH/1EY+qfaltpRTtPl2tVRl/l:Mkf7NijRM ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 949a69228887f3b07ca4c926d7f9e887 SHA1: 415020f833e99d5b24a135f65111c8f17a416bf5 SHA256: fa40bbaac0e7117eebc2d0459f4b60aca6a698f0e703ce89416ba93fc25c19ab SSDeep: 1536:Dc8sfxq0+l76JyX0BzcHvy5EM/4FkBPcvIo3ZlJaagbNYu:Rs5qXl/XOPtJBPcwo3ZlJhWp ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx	MD5: 2ee084c48fa2a28cb9464069f37cdbb7 SHA1: d115cbc5e88dd63621adcbebbdbc680765c6799b SHA256: e15f7086edb577f2671e1f020a52d56cc7d878b357bbaabe3e782de0ea94ab30 SSDeep: 3:MgAWl1lH/1EY+qfaltpRTtPl2tVRl/l:Mkf7NijRM ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: fd65455f177f4c59e07809c54214f10d SHA1: e81c3f6875c35810e2cb088eddc1d7e8d399b9f0 SHA256: a70dbfe92e9b4e0e710c9324af720f869d820865d34371df57f0ae49a5ba4ec7 SSDeep: 1536:vnbc5D8jVHDRQb9cWxN5Dd1A3tTAQHl3qmCIbxcj9fFWu:vw5YjxRQb9cWx/nIVBHlsIbI9t9 ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx	MD5: 6c6b90b87b44734706f89720a90e42cd SHA1: e1586c21639f1d33d5be73682cc1ea92be4253ab SHA256: ad61a11409984bd0798e6837f57523b32f8a87856e35eacfb659b56a79b28035 SSDeep: 1536:AbIDi9Fax+HGWIZwO1H2lw663329aBKpT9TRGOZxyX7u:YqSc+HGWIeO1Xx3m4BKpT9dGGxyi ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 6c6b90b87b44734706f89720a90e42cd SHA1: e1586c21639f1d33d5be73682cc1ea92be4253ab SHA256: ad61a11409984bd0798e6837f57523b32f8a87856e35eacfb659b56a79b28035 SSDeep: 1536:AbIDi9Fax+HGWIZwO1H2lw663329aBKpT9TRGOZxyX7u:YqSc+HGWIeO1Xx3m4BKpT9dGGxyi ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx	MD5: feb2b6b79ff392d7344fc344e4acd071 SHA1: 5244254704c94112c751dd3aff355d2f1e2408aa SHA256: 9c4d6224a5a2daf5eb6cb73e967f0fea8962e3f07743f47ac1fbb29c5dc8f3eb SSDeep: 1536:DChpqd9g3oY/lV9udhWcgAFUZcfp3o9TuCEGHm6uWblqDrfhq4EWu:4p+9g48lV9uObWCcB47EGgWK9qV ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: feb2b6b79ff392d7344fc344e4acd071 SHA1: 5244254704c94112c751dd3aff355d2f1e2408aa SHA256: 9c4d6224a5a2daf5eb6cb73e967f0fea8962e3f07743f47ac1fbb29c5dc8f3eb SSDeep: 1536:DChpqd9g3oY/lV9udhWcgAFUZcfp3o9TuCEGHm6uWblqDrfhq4EWu:4p+9g48lV9uObWCcB47EGgWK9qV ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx	MD5: 4e51ce3526b256b4b2a67f6602a56915 SHA1: 7263e976e0cf8d0a5012d0a6a548fbd26edf83a3 SHA256: 9c75ed60b72d5b7b60a81c4c6604e19264e779aee17005a5ee9c7748b5d1f592 SSDeep: 6144:5gG/pNmSgtf0nz7Z1e/VKMx7OojkWFFb2EaQYzHmL:SG/pJ0fUq/r0KlX2YYzHmL ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 4e51ce3526b256b4b2a67f6602a56915 SHA1: 7263e976e0cf8d0a5012d0a6a548fbd26edf83a3 SHA256: 9c75ed60b72d5b7b60a81c4c6604e19264e779aee17005a5ee9c7748b5d1f592 SSDeep: 6144:5gG/pNmSgtf0nz7Z1e/VKMx7OojkWFFb2EaQYzHmL:SG/pJ0fUq/r0KlX2YYzHmL ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx	MD5: 7dc66f78a1f90630db96dd5764d00041 SHA1: f7c936e1dbde77f87e29c401a7a03f111361ee89 SHA256: e11d99cc03d057d7be770a0a5f19695bdb14011b6ce63549bf14bf642065c74f SSDeep: 1536:H6DISZQW022BBt5Q9EdEclZ5iYZFzKodfqV41z3pGlHGV7pRNfZ2+su:H6DIQQRTBb4DclZ5iAViWpNRNfZdL ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 7dc66f78a1f90630db96dd5764d00041 SHA1: f7c936e1dbde77f87e29c401a7a03f111361ee89 SHA256: e11d99cc03d057d7be770a0a5f19695bdb14011b6ce63549bf14bf642065c74f SSDeep: 1536:H6DISZQW022BBt5Q9EdEclZ5iYZFzKodfqV41z3pGlHGV7pRNfZ2+su:H6DIQQRTBb4DclZ5iAViWpNRNfZdL ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx	MD5: 876bc38a0a1ecb10072a0db743f1907a SHA1: ae3293b5fe23c8e98dc99249fa64ae4e966351f6 SHA256: ea2cd87779f87c11eb570f93c6e026af90fbf85abde642ca95505fd6263c8147 SSDeep: 6144:juAsvkQyGuBlMcKWLlwOEFzUF9x8baSLLwCg9Jz5o8FycPT9:ils5BNSO2Y8baALSjG8FJ ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 876bc38a0a1ecb10072a0db743f1907a SHA1: ae3293b5fe23c8e98dc99249fa64ae4e966351f6 SHA256: ea2cd87779f87c11eb570f93c6e026af90fbf85abde642ca95505fd6263c8147 SSDeep: 6144:juAsvkQyGuBlMcKWLlwOEFzUF9x8baSLLwCg9Jz5o8FycPT9:ils5BNSO2Y8baALSjG8FJ ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx	MD5: 113ae896fd0305a4f28ca7515d44887a SHA1: f3b4a343b6eb88e934af48cb08dab49d8addb89e SHA256: 57d1b7f2ff59312da2a0f607611e292ce2825fc5281fbde4776f467f93a953fe SSDeep: 1536:xjFnpHHk2AX7+wCyqwHw1CfVhIlw2C7fI36fu:xj9pHHkyybQMfVm+Je ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 113ae896fd0305a4f28ca7515d44887a SHA1: f3b4a343b6eb88e934af48cb08dab49d8addb89e SHA256: 57d1b7f2ff59312da2a0f607611e292ce2825fc5281fbde4776f467f93a953fe SSDeep: 1536:xjFnpHHk2AX7+wCyqwHw1CfVhIlw2C7fI36fu:xj9pHHkyybQMfVm+Je ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx	MD5: ff67a11475494f4d2481a44681c6997f SHA1: 72e14261e8e12907abef137e8e1da9b950ee4e61 SHA256: cde029507eef26f4c39148ece3c7d9c26b4efa3cb1eff2c30d889b7cb74b9803 SSDeep: 1536:Kasuf+iRlrpm4cL57tXNXv0P4gc4hkhb1tEVgL5u:KasumEhpmtL55dGPc4OHEVIw ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: ff67a11475494f4d2481a44681c6997f SHA1: 72e14261e8e12907abef137e8e1da9b950ee4e61 SHA256: cde029507eef26f4c39148ece3c7d9c26b4efa3cb1eff2c30d889b7cb74b9803 SSDeep: 1536:Kasuf+iRlrpm4cL57tXNXv0P4gc4hkhb1tEVgL5u:KasumEhpmtL55dGPc4OHEVIw ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx	MD5: b34c829eccf2595606dd89b3f5551b53 SHA1: 923aefba82a73c22012c60f18308b19351788dbc SHA256: d4591ee876f22d0cf79e4995d971c27959befec0a04d864b3d0da9bef45fb673 SSDeep: 1536:8i0f2/0MB/0NRTvifBB1DEIf/WCLf5zx/nCUaZ/WFmBuMSQu:ZsMJ03bifBBZEU/z5N0Z/WFmBuMq ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: b34c829eccf2595606dd89b3f5551b53 SHA1: 923aefba82a73c22012c60f18308b19351788dbc SHA256: d4591ee876f22d0cf79e4995d971c27959befec0a04d864b3d0da9bef45fb673 SSDeep: 1536:8i0f2/0MB/0NRTvifBB1DEIf/WCLf5zx/nCUaZ/WFmBuMSQu:ZsMJ03bifBBZEU/z5N0Z/WFmBuMq ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx	MD5: d3aaf4b9a6d60d2fdf7f45e66e14c543 SHA1: 68f7e069f34be45ac2dc42047aec05963e77a908 SHA256: a24b566bf2c826bf4e374adf66806c38fdedf683723b389d23bf055a0dee0d43 SSDeep: 1536:tRkDjWdpp90Pd5lCIzV7PoFDDNW9PeOm/Ixb+tMRBl6eB/8ZQPTL/E0Gu:tROCdp/wd5lzVLkDs4Owiagl6sUZQr7p ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: d3aaf4b9a6d60d2fdf7f45e66e14c543 SHA1: 68f7e069f34be45ac2dc42047aec05963e77a908 SHA256: a24b566bf2c826bf4e374adf66806c38fdedf683723b389d23bf055a0dee0d43 SSDeep: 1536:tRkDjWdpp90Pd5lCIzV7PoFDDNW9PeOm/Ixb+tMRBl6eB/8ZQPTL/E0Gu:tROCdp/wd5lzVLkDs4Owiagl6sUZQr7p ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx	MD5: 58bfb99b46169e21ed692ed7c6481811 SHA1: 2641fb2077b09d9b815d60608e917441bc1bccb7 SHA256: 4103fb3b24c4db9f51c1cfc7a4650eb6cdfbba5a7290e3289e61831725b26cff SSDeep: 1536:1Lq7CGenI8pWtP8MNCCaSWYLzL5mmnkRppu:1LBGenNoiMNzWKVkPg ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 58bfb99b46169e21ed692ed7c6481811 SHA1: 2641fb2077b09d9b815d60608e917441bc1bccb7 SHA256: 4103fb3b24c4db9f51c1cfc7a4650eb6cdfbba5a7290e3289e61831725b26cff SSDeep: 1536:1Lq7CGenI8pWtP8MNCCaSWYLzL5mmnkRppu:1LBGenNoiMNzWKVkPg ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx	MD5: 76152fe8a82296323d165ef7e89f68f0 SHA1: 6dc9b888a2fe85e4a900343e69f62a84e9dc2773 SHA256: c4770da01f835464e729e2f369339c109a5940a60023b4fdb2fed403013692dd SSDeep: 1536:QxpWRH4utipJ8S912BOYIzZD+MxFhyVlvY4+FrlYu:QxpmH4utifqvSFhyzYHlH ImpHash: None	Access, Read, Write	Modified File
C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 76152fe8a82296323d165ef7e89f68f0 SHA1: 6dc9b888a2fe85e4a900343e69f62a84e9dc2773 SHA256: c4770da01f835464e729e2f369339c109a5940a60023b4fdb2fed403013692dd SSDeep: 1536:QxpWRH4utipJ8S912BOYIzZD+MxFhyVlvY4+FrlYu:QxpmH4utifqvSFhyzYHlH ImpHash: None	Access	Dropped File
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-International%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-International%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Known Folders API Service.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Known Folders API Service.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-MUI%4Admin.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-MUI%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-MUI%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx	-	Access, Read, Write
C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Store%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-Store%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx	-	Access, Read
C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Security.evtx	-	Access, Read
C:\Logs\Security.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Setup.evtx	-	Access, Read
C:\Logs\Setup.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\System.evtx	-	Access, Read
C:\Logs\System.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Logs\Windows PowerShell.evtx	-	Access, Read
C:\Logs\Windows PowerShell.evtx.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\bin\server\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\bin\server\classes.jsa	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\bin\server\classes.jsa.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\COPYRIGHT	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\COPYRIGHT.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\amd64\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\amd64\jvm.cfg	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\amd64\jvm.cfg.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\classlist	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\classlist.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\cmm\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\cmm\CIEXYZ.pf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\cmm\CIEXYZ.pf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\cmm\GRAY.pf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\cmm\GRAY.pf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\cmm\LINEAR_RGB.pf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\cmm\LINEAR_RGB.pf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\cmm\PYCC.pf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\cmm\PYCC.pf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\cmm\sRGB.pf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\cmm\sRGB.pf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\currency.data	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\currency.data.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_de.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_de.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_es.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_es.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_fr.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_fr.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_it.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_it.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ja.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ja.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ko.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ko.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_pt_BR.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_pt_BR.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_sv.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_sv.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_CN.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_CN.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_HK.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_HK.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_TW.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_TW.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\access-bridge-64.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\access-bridge-64.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\cldrdata.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\cldrdata.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\dnsns.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\dnsns.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\jaccess.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\jaccess.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\jfxrt.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\jfxrt.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\localedata.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\localedata.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\meta-index	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\meta-index.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\nashorn.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\nashorn.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\sunec.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\sunec.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\sunjce_provider.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\sunjce_provider.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\sunmscapi.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\sunmscapi.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\sunpkcs11.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\sunpkcs11.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\ext\zipfs.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\ext\zipfs.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\flavormap.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\flavormap.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.bfc	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.bfc.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.properties.src	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.properties.src.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fonts\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiBold.ttf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiBold.ttf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiItalic.ttf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiItalic.ttf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightItalic.ttf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightItalic.ttf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightRegular.ttf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightRegular.ttf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansDemiBold.ttf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansDemiBold.ttf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansRegular.ttf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansRegular.ttf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterBold.ttf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterBold.ttf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterRegular.ttf	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterRegular.ttf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\hijrah-config-umalqura.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\hijrah-config-umalqura.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\cursors.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\cursors.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\javafx.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\javafx.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\javaws.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\javaws.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\jce.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\jce.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\jfr.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\jfr.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\jfr\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\jfr\default.jfc	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\jfr\default.jfc.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\jfr\profile.jfc	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\jfr\profile.jfc.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\jfxswt.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\jfxswt.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\jsse.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\jsse.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\logging.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\logging.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\management-agent.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\management-agent.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\management\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.access	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.access.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.password.template	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.password.template.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\management\management.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\management\management.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\management\snmp.acl.template	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\management\snmp.acl.template.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\meta-index	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\meta-index.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\net.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\net.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\plugin.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\plugin.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\psfont.properties.ja	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\psfont.properties.ja.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\psfontj2d.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\psfontj2d.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\resources.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\resources.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\rt.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\rt.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\security\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\security\blacklist	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\security\blacklist.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\security\blacklisted.certs	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\security\blacklisted.certs.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\security\java.policy	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\security\java.policy.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\security\java.security	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\security\java.security.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\security\javaws.policy	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\security\javaws.policy.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\security\local_policy.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\security\local_policy.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\security\trusted.libraries	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\security\US_export_policy.jar	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\security\US_export_policy.jar.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\sound.properties	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\sound.properties.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\lib\tzmappings	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\lib\tzmappings.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\LICENSE	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\LICENSE.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\README.txt	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\README.txt.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\release	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\release.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Java\jre1.8.0_144\Welcome.html	-	Access, Read
C:\Program Files\Java\jre1.8.0_144\Welcome.html.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Microsoft Office\AppXManifest.xml	-	Access, Read
C:\Program Files\Microsoft Office\AppXManifest.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\FileSystemMetadata.xml	-	Access, Read
C:\Program Files\Microsoft Office\FileSystemMetadata.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\Office16\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Microsoft Office\Office16\OSPP.HTM	-	Access, Read
C:\Program Files\Microsoft Office\Office16\OSPP.HTM.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\Office16\OSPP.VBS	-	Access
C:\Program Files\Microsoft Office\Office16\SLERROR.XML	-	Access, Read
C:\Program Files\Microsoft Office\Office16\SLERROR.XML.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml	-	Access, Read
C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF	-	Access, Read
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	-	Access
C:\Users\FD1HVy\AppData\Local\Temp\2766425C.buran	MD5: 93b885adfe0da089cdf634904fd59f71 SHA1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f SHA256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d SSDeep: 3:: ImpHash: None	Access, Write	Dropped File
C:\Users\FD1HVy\AppData\Local\Temp\800DA69A.buran	MD5: 93b885adfe0da089cdf634904fd59f71 SHA1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f SHA256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d SSDeep: 3:: ImpHash: None	Access, Write	Dropped File
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows	-	Access
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\ctfmon.exe	MD5: db45c3e8e48c0d21cb82819a17225bbc SHA1: 4ca4e72d58717610f613eb0805468228d9a77a98 SHA256: ba809c00f829015cb70f26fe1be979f5a372e346d0e974252e8c3ee18b21dd22 SSDeep: 3072:w3t17Da7zjx7hpiO1y0tN4hgNevX3fld3u98H7ykF/6FdXn8sVG9o2GuQnS9:w3t17IPx7hpiQtbNen3uGykF/6HXntVB ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\Users\FD1HVy\Desktop\-IU8WGmE.avi	MD5: 92f846b85c667a5e210d1427f1acbd3c SHA1: ae3f8b3dbfd2e4143a27af11861ffb4e0e7fefe0 SHA256: b51f766d64bba6bc6de190d0e19a4410e7d70ff0f979e6ea15db471f51264e2d SSDeep: 768:k7/9TMGf4wnGLvX7OYCy0AN8YL6n3i55AUwLR8HioCidDPepSS00jnr8u:kxMRLKYCytN8liEf18HiYDOSS00jr8u ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\-IU8WGmE.avi.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 92f846b85c667a5e210d1427f1acbd3c SHA1: ae3f8b3dbfd2e4143a27af11861ffb4e0e7fefe0 SHA256: b51f766d64bba6bc6de190d0e19a4410e7d70ff0f979e6ea15db471f51264e2d SSDeep: 768:k7/9TMGf4wnGLvX7OYCy0AN8YL6n3i55AUwLR8HioCidDPepSS00jnr8u:kxMRLKYCytN8liEf18HiYDOSS00jr8u ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\0 HFSllE7M55ZM.flv	MD5: 4d4f2faeb719f09678b9b52e8a239388 SHA1: ca809224ffa4380fbd081499459609b501d45874 SHA256: 0eee1f10c775846c5336f18d3fa22a58cc55307ba0fbde333b7588fa9febcd2c SSDeep: 3072:n6lJ0JXLfOhBC+0MgkdpL9Ori0O1xWhxx:6leJWrnfL0xO1Ml ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\0 HFSllE7M55ZM.flv.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 4d4f2faeb719f09678b9b52e8a239388 SHA1: ca809224ffa4380fbd081499459609b501d45874 SHA256: 0eee1f10c775846c5336f18d3fa22a58cc55307ba0fbde333b7588fa9febcd2c SSDeep: 3072:n6lJ0JXLfOhBC+0MgkdpL9Ori0O1xWhxx:6leJWrnfL0xO1Ml ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\0Vo-ly6biRdbFh.bmp	MD5: b327f98df929d9224e45584cefdd109c SHA1: 6b403f49221153464b84d339f6247f218d882823 SHA256: 66b908011cd21c5020f8c5fb3f9d60f47421bd2ce5c81012fe754607807148c5 SSDeep: 192:jWojOr1/UHSh3HDx63WsO8R4vKeQYdZlcROX+:Sxr1uSMEKQdZiQu ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\0Vo-ly6biRdbFh.bmp.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: b327f98df929d9224e45584cefdd109c SHA1: 6b403f49221153464b84d339f6247f218d882823 SHA256: 66b908011cd21c5020f8c5fb3f9d60f47421bd2ce5c81012fe754607807148c5 SSDeep: 192:jWojOr1/UHSh3HDx63WsO8R4vKeQYdZlcROX+:Sxr1uSMEKQdZiQu ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\1nAU21n.gif	MD5: cf27592e9b89876e26a446a66e846406 SHA1: c19570f563006b5936c6ae5032564f66d87c38d2 SHA256: 67866fd85f730827d182f5d7706600e5ddf298740a127ad2afd296e362f1a437 SSDeep: 768:ZFdv1i6LbTlYCz2t8EmkjFt+swPAwTTK6Su:ZFLnjG5PMTK6Su ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\1nAU21n.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: cf27592e9b89876e26a446a66e846406 SHA1: c19570f563006b5936c6ae5032564f66d87c38d2 SHA256: 67866fd85f730827d182f5d7706600e5ddf298740a127ad2afd296e362f1a437 SSDeep: 768:ZFdv1i6LbTlYCz2t8EmkjFt+swPAwTTK6Su:ZFLnjG5PMTK6Su ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\1y GAOepHjz_GGuAnfUs.rtf	MD5: 26482064ea14f8e23e74ed2a6fe2644e SHA1: 9b77b74e0693f5fff97e41a2c6eaf4129c045417 SHA256: 75c45f10a83104951975ebd73fee75d8afa021c755da0cd4ca37754beb87540d SSDeep: 768:Zy9C9DZWAH1EIY4RneyVt2oe4bkwQFazSa2Nf1tFogUu:o9CLWE1EItneBoe4lYCZcf1tKZu ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\1y GAOepHjz_GGuAnfUs.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 26482064ea14f8e23e74ed2a6fe2644e SHA1: 9b77b74e0693f5fff97e41a2c6eaf4129c045417 SHA256: 75c45f10a83104951975ebd73fee75d8afa021c755da0cd4ca37754beb87540d SSDeep: 768:Zy9C9DZWAH1EIY4RneyVt2oe4bkwQFazSa2Nf1tFogUu:o9CLWE1EItneBoe4lYCZcf1tKZu ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\2.exe	MD5: db45c3e8e48c0d21cb82819a17225bbc SHA1: 4ca4e72d58717610f613eb0805468228d9a77a98 SHA256: ba809c00f829015cb70f26fe1be979f5a372e346d0e974252e8c3ee18b21dd22 SSDeep: 3072:w3t17Da7zjx7hpiO1y0tN4hgNevX3fld3u98H7ykF/6FdXn8sVG9o2GuQnS9:w3t17IPx7hpiQtbNen3uGykF/6HXntVB ImpHash: None	Access	Sample File
C:\Users\FD1HVy\Desktop\2o0RvoNQH3Pnt6RW4e9V.mp3	MD5: a92145e5ddfe93b45ece0d4ea8e525fb SHA1: ee0f17c26c9f30daeeb29b7279723caae9bb24e4 SHA256: b41a4256fef97155734d387863b38da6d58f3ab93956296c726d1b95a8fa20c6 SSDeep: 384:rmpwbx6JwfRJz49xGSSOwREWi2U8t0gACDk4sAQu:Six6JwX0GJxvi295k4Gu ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\2o0RvoNQH3Pnt6RW4e9V.mp3.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: a92145e5ddfe93b45ece0d4ea8e525fb SHA1: ee0f17c26c9f30daeeb29b7279723caae9bb24e4 SHA256: b41a4256fef97155734d387863b38da6d58f3ab93956296c726d1b95a8fa20c6 SSDeep: 384:rmpwbx6JwfRJz49xGSSOwREWi2U8t0gACDk4sAQu:Six6JwX0GJxvi295k4Gu ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\2TxEwTCTxw7fCarfd9s.mp3	MD5: eed29af8576f545ec3a6d63c63bbb48a SHA1: 5ed1be3b7671d41b777f78bf2b4174a483729af8 SHA256: d801c82344743ad6c7696c99ba9e3fc670f257c4432ef1cbb28d2128a08eae7e SSDeep: 1536:2VYivgz0yJX3SKAj9L6K7PXA7OzGzph51a6la9u:2UN3GjsK7PXA7Oc9dz ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\2TxEwTCTxw7fCarfd9s.mp3.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: eed29af8576f545ec3a6d63c63bbb48a SHA1: 5ed1be3b7671d41b777f78bf2b4174a483729af8 SHA256: d801c82344743ad6c7696c99ba9e3fc670f257c4432ef1cbb28d2128a08eae7e SSDeep: 1536:2VYivgz0yJX3SKAj9L6K7PXA7OzGzph51a6la9u:2UN3GjsK7PXA7Oc9dz ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\4tYgLFbf4vLGutZ Yr.xls	MD5: d90b30c7d212f12ef901d6ef06160c49 SHA1: 29b8d35b1edb74cdbb5635f02e40180cce67f063 SHA256: e80dd7a15ad31f9ed668e048032c648fa1cbae517e423a84d1456f721a0503d9 SSDeep: 1536:nRZv+fqGZXo1tMMQzTu/tYBP0HFHezyoKPFdvwSvfflrMGTHDAu:RZsEMxz6/tcaHezyddvD3NrFTHDf ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\4tYgLFbf4vLGutZ Yr.xls.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: d90b30c7d212f12ef901d6ef06160c49 SHA1: 29b8d35b1edb74cdbb5635f02e40180cce67f063 SHA256: e80dd7a15ad31f9ed668e048032c648fa1cbae517e423a84d1456f721a0503d9 SSDeep: 1536:nRZv+fqGZXo1tMMQzTu/tYBP0HFHezyoKPFdvwSvfflrMGTHDAu:RZsEMxz6/tcaHezyddvD3NrFTHDf ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\7AWcMCYzrmcSj02AOd.ods	MD5: 56298e189c01a09da80a4edd36d4414e SHA1: 2a792fcbebc42315e5abe851239c07c53c9ad228 SHA256: 0f0f1ee56d43864e148b32c32686377dafda05b71600c87cb8f2f41ca6eceac8 SSDeep: 768:M95M72z8A8JWtNlELPrNugyKJfb58kelAG84ESySQrG66XnOkxr9LYMu:MrVt8JW/SCWfbQlZESy8XOkxFYMu ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\7AWcMCYzrmcSj02AOd.ods.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 56298e189c01a09da80a4edd36d4414e SHA1: 2a792fcbebc42315e5abe851239c07c53c9ad228 SHA256: 0f0f1ee56d43864e148b32c32686377dafda05b71600c87cb8f2f41ca6eceac8 SSDeep: 768:M95M72z8A8JWtNlELPrNugyKJfb58kelAG84ESySQrG66XnOkxr9LYMu:MrVt8JW/SCWfbQlZESy8XOkxFYMu ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\AL2c1H0uH2V75ObWn2WC.ots	MD5: b3d74df54996a01419ff55af42150cd4 SHA1: a7cc67e616e8fccafdad5328527a8cce260799ec SHA256: 09ae7f4f1f8a279702452c80231e4937b9a001e3bd4ed6999090dbfaa4e6fcda SSDeep: 384:vZ7PX+4NSdyra5tcZpBsvGpURk0W1gq12Qu:R7PXjNfa5tYpivGpUrcJu ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\AL2c1H0uH2V75ObWn2WC.ots.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: b3d74df54996a01419ff55af42150cd4 SHA1: a7cc67e616e8fccafdad5328527a8cce260799ec SHA256: 09ae7f4f1f8a279702452c80231e4937b9a001e3bd4ed6999090dbfaa4e6fcda SSDeep: 384:vZ7PX+4NSdyra5tcZpBsvGpURk0W1gq12Qu:R7PXjNfa5tYpivGpUrcJu ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\bIlOji97MBhWI.mp3	MD5: 0603f0793f00428a64732918f19cb61a SHA1: cd093894e61810226675fc24f2b37cc8ade3e6e6 SHA256: d3f2a3f8466e7fcd4a25c9b24abfa6ecf3b00bcad273a5633521a187170a668e SSDeep: 768:pupksY9UopAYzvlhPinnSV35p00Vo20Sj5FbloGUAgT9ew9eESqKu:GbY9U6hiSJ5pdo2hj5FblsB9eNZu ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\bIlOji97MBhWI.mp3.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 0603f0793f00428a64732918f19cb61a SHA1: cd093894e61810226675fc24f2b37cc8ade3e6e6 SHA256: d3f2a3f8466e7fcd4a25c9b24abfa6ecf3b00bcad273a5633521a187170a668e SSDeep: 768:pupksY9UopAYzvlhPinnSV35p00Vo20Sj5FbloGUAgT9ew9eESqKu:GbY9U6hiSJ5pdo2hj5FblsB9eNZu ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\bvjvPicqNbxCUAF0jjb.jpg	MD5: aa3ba705620468ab197690c5ebcd908f SHA1: fd7a89af9db3579fd79af99c714bcc19ffa8e300 SHA256: 7c6ce0c73db1a3b0adf4d005127c2b1da31fb22cab59955655efe7e45106324f SSDeep: 1536:JS/CBUt2nJcju8Qoayb+oQEWv4k2FsvwpXITR6Deqtu:M6jcju8QAtFkvvwlIYC7 ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\bvjvPicqNbxCUAF0jjb.jpg.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: aa3ba705620468ab197690c5ebcd908f SHA1: fd7a89af9db3579fd79af99c714bcc19ffa8e300 SHA256: 7c6ce0c73db1a3b0adf4d005127c2b1da31fb22cab59955655efe7e45106324f SSDeep: 1536:JS/CBUt2nJcju8Qoayb+oQEWv4k2FsvwpXITR6Deqtu:M6jcju8QAtFkvvwlIYC7 ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\BvpCYYHpcrUGg.jpg	MD5: 16ce831bd77553a7dafd156811f2a0c1 SHA1: a25ff9da8463e845fac67db4e4bd49037e4aa2a3 SHA256: cdee0c15df1b84461d06e61d78934a324822b619b443652024f2c06d533920b0 SSDeep: 3072:Y2wzNScG7uJg0VeKN+OULokPYubDINI51kseGCw/LuA:N4g0VeKNzULo6tPINmknGVx ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\BvpCYYHpcrUGg.jpg.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 16ce831bd77553a7dafd156811f2a0c1 SHA1: a25ff9da8463e845fac67db4e4bd49037e4aa2a3 SHA256: cdee0c15df1b84461d06e61d78934a324822b619b443652024f2c06d533920b0 SSDeep: 3072:Y2wzNScG7uJg0VeKN+OULokPYubDINI51kseGCw/LuA:N4g0VeKNzULo6tPINmknGVx ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\c88P_1gwS3beXz__x0G.avi	MD5: 67a93ebd3fa8625ee75dec4caaecaf94 SHA1: 674d4fb40284268024849256c20e41eae8229021 SHA256: 08106ff1f468e3b55cf4fe4fca2aa1f0893cb679a454eaa25718b5311c4d8c53 SSDeep: 1536:DSx6cG7DWs0BMtEPQJK9JznMPbLHazIZFlsrS5T6jVu:DSxp2wM1oznEIYFlsrMaM ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\c88P_1gwS3beXz__x0G.avi.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 67a93ebd3fa8625ee75dec4caaecaf94 SHA1: 674d4fb40284268024849256c20e41eae8229021 SHA256: 08106ff1f468e3b55cf4fe4fca2aa1f0893cb679a454eaa25718b5311c4d8c53 SSDeep: 1536:DSx6cG7DWs0BMtEPQJK9JznMPbLHazIZFlsrS5T6jVu:DSxp2wM1oznEIYFlsrMaM ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\Cc1dWs.flv	MD5: e202f207ce8919ccb44bb56e162bc379 SHA1: 168ad4739b6ce70c0f8ecda22ad85e0e4b45ad99 SHA256: 8e4c09ebc14ba24d3861c75370886e5241af41a8a520f4cfc3c328eeeb809cea SSDeep: 384:T9vw30k3JKTqHINVqf4fmJ2tR66xPt7Amw1cr4mJKw8w7dimfkwwtQu:TNwEk3IqHIzqf4TtR7xF8b2bJKwtUm/u ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\Cc1dWs.flv.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: e202f207ce8919ccb44bb56e162bc379 SHA1: 168ad4739b6ce70c0f8ecda22ad85e0e4b45ad99 SHA256: 8e4c09ebc14ba24d3861c75370886e5241af41a8a520f4cfc3c328eeeb809cea SSDeep: 384:T9vw30k3JKTqHINVqf4fmJ2tR66xPt7Amw1cr4mJKw8w7dimfkwwtQu:TNwEk3IqHIzqf4TtR7xF8b2bJKwtUm/u ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\CQt7uZQveV9 d-32SC.gif	MD5: 634d9da27c54104627565a9d1e7f0a5d SHA1: 45f4a4f686368341e9773e6639b86c5c9b7cf35b SHA256: c4a04dd30b01783d1c14ba14d283bc9e025d52621b4d86df61832e9a25f9f57c SSDeep: 1536:+FkZCVkNO1WrNzqFqWZQxuZ9hMK7koROQu:tZC5AoQqYKdAv ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\CQt7uZQveV9 d-32SC.gif.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 634d9da27c54104627565a9d1e7f0a5d SHA1: 45f4a4f686368341e9773e6639b86c5c9b7cf35b SHA256: c4a04dd30b01783d1c14ba14d283bc9e025d52621b4d86df61832e9a25f9f57c SSDeep: 1536:+FkZCVkNO1WrNzqFqWZQxuZ9hMK7koROQu:tZC5AoQqYKdAv ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\czEq2jPbtoc-alsL.avi	MD5: c1b44e90dd7a512a77943d3842c4b419 SHA1: 8f4039129687aff0513a6f31d31493311a2f60cf SHA256: b07ee3446e87688a304fe30e721b1581e6a1d90caf82779dc64bb94e9a99d4ef SSDeep: 768:zIk8r5EDe9qtKOAP4xJKG5QswG5WZYtReTBUK2mAXBmPSa4++dtu:zXYEDJ91S3tGQtTBamAXBPvzu ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\czEq2jPbtoc-alsL.avi.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: c1b44e90dd7a512a77943d3842c4b419 SHA1: 8f4039129687aff0513a6f31d31493311a2f60cf SHA256: b07ee3446e87688a304fe30e721b1581e6a1d90caf82779dc64bb94e9a99d4ef SSDeep: 768:zIk8r5EDe9qtKOAP4xJKG5QswG5WZYtReTBUK2mAXBmPSa4++dtu:zXYEDJ91S3tGQtTBamAXBPvzu ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\dxaVbKx3o LR.png	MD5: e63d2b36e1852db85da769dd8d953b98 SHA1: 1e0a11721172dc9b3d10f4e43e5d9bfd0a39f28c SHA256: 09fa1e3e997bf20016f440a2a89c04a3a6b599b65d3db45a0bbb1cdd56f8ff42 SSDeep: 1536:eJ2PAWlwnWrCWQ6iDqjNmNQWyDU4l3tNVwe+p2hC55PnRu:mtWuWrCZ6iFNngLl9NPQ5P4 ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\dxaVbKx3o LR.png.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: e63d2b36e1852db85da769dd8d953b98 SHA1: 1e0a11721172dc9b3d10f4e43e5d9bfd0a39f28c SHA256: 09fa1e3e997bf20016f440a2a89c04a3a6b599b65d3db45a0bbb1cdd56f8ff42 SSDeep: 1536:eJ2PAWlwnWrCWQ6iDqjNmNQWyDU4l3tNVwe+p2hC55PnRu:mtWuWrCZ6iFNngLl9NPQ5P4 ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\Eezf.mp4	MD5: 433b1fd1ba48004c8942c0b599c726fa SHA1: 53ce9b3018d05e28979e9d84171580900ed39de3 SHA256: 9f22da434ee612a019aac080e7ec62859ca12bb9116dcd2093ba5dc0e465aef9 SSDeep: 768:TbYkyVJd/Du0qDsjXlMo/HvaXwMeG3xghn2+LtvOu:kPDMDiB/HvAwvGBgl2+Lt2u ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\Eezf.mp4.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 433b1fd1ba48004c8942c0b599c726fa SHA1: 53ce9b3018d05e28979e9d84171580900ed39de3 SHA256: 9f22da434ee612a019aac080e7ec62859ca12bb9116dcd2093ba5dc0e465aef9 SSDeep: 768:TbYkyVJd/Du0qDsjXlMo/HvaXwMeG3xghn2+LtvOu:kPDMDiB/HvAwvGBgl2+Lt2u ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\f11Y6vzrSnRuG6gXdJyI.wav	MD5: 02ea3f79a9916e969964f73f02c5e384 SHA1: 65498e452b3a3f9ef18f7bf87072b59512a99eed SHA256: 279bf165cc6a150d030a60508351b2115147ba25ff46869f74cb2ac89ea983bb SSDeep: 1536:+y3PbCOYlOD5MBtYz4iTMwSqsAyMKG2QYfCBh3yc/zOBpxu:+y3PbCOYlm5M0z4iZ9su9e6dqzY ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\f11Y6vzrSnRuG6gXdJyI.wav.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 02ea3f79a9916e969964f73f02c5e384 SHA1: 65498e452b3a3f9ef18f7bf87072b59512a99eed SHA256: 279bf165cc6a150d030a60508351b2115147ba25ff46869f74cb2ac89ea983bb SSDeep: 1536:+y3PbCOYlOD5MBtYz4iTMwSqsAyMKG2QYfCBh3yc/zOBpxu:+y3PbCOYlm5M0z4iZ9su9e6dqzY ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\he_DSG.swf	MD5: 20726cb07b2c286a01236094247eeae9 SHA1: c4651748a5fd13bda5f9987ebaf3f3439b7d985f SHA256: d1131c805be4b0a45fbc8bee0a5e50d592e0c8550b79ec05a6b1f839a0b8607a SSDeep: 768:gEJeCySfjR+ZoUyBWmMsGSxWsChEy5GI6ebRlTnDQ0ytfaJKb79b/TmVvEb5tvDU:giVV+CUyIsaEyftbRlTnDOkKf9n6otvg ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\he_DSG.swf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 20726cb07b2c286a01236094247eeae9 SHA1: c4651748a5fd13bda5f9987ebaf3f3439b7d985f SHA256: d1131c805be4b0a45fbc8bee0a5e50d592e0c8550b79ec05a6b1f839a0b8607a SSDeep: 768:gEJeCySfjR+ZoUyBWmMsGSxWsChEy5GI6ebRlTnDQ0ytfaJKb79b/TmVvEb5tvDU:giVV+CUyIsaEyftbRlTnDOkKf9n6otvg ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\IdcfNSdAI6EpKkJpB.doc	MD5: 02629dea30ca15f57b5ac8c473b5b5d2 SHA1: fef5df745624fb1e3a37c491fb32200488a92e43 SHA256: 5a3aac6332d9c57a9b284af9d78384e05e4f654d930af0414a7b7337fd262388 SSDeep: 1536:xy2zjnrA3NU4IzYtpxHbH1d2PeGp80OIS4iZZxbZFAwYu:xyP3NUvzypx7Hbejp80OIS4iZ7tr ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\IdcfNSdAI6EpKkJpB.doc.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 02629dea30ca15f57b5ac8c473b5b5d2 SHA1: fef5df745624fb1e3a37c491fb32200488a92e43 SHA256: 5a3aac6332d9c57a9b284af9d78384e05e4f654d930af0414a7b7337fd262388 SSDeep: 1536:xy2zjnrA3NU4IzYtpxHbH1d2PeGp80OIS4iZZxbZFAwYu:xyP3NUvzypx7Hbejp80OIS4iZ7tr ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\K2N8lD.swf	MD5: 83e3649f6d24def478c0baa7260c9a11 SHA1: 3603d9a242d793b89b20cf97ccd14763d2715d4f SHA256: 31e1e9f7ba8890c586792df12649acb2ff09ec4f3d463f22c0d299e5db7f6e05 SSDeep: 1536:+UYAYT16i+y5c8l++T8P6MMWyIHg50hdc8MhthEI35U0aezfrS+tysvStpxJb3u:+U5q95c1x6NWyU/h5G5U0aezjS+slXS ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\K2N8lD.swf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 83e3649f6d24def478c0baa7260c9a11 SHA1: 3603d9a242d793b89b20cf97ccd14763d2715d4f SHA256: 31e1e9f7ba8890c586792df12649acb2ff09ec4f3d463f22c0d299e5db7f6e05 SSDeep: 1536:+UYAYT16i+y5c8l++T8P6MMWyIHg50hdc8MhthEI35U0aezfrS+tysvStpxJb3u:+U5q95c1x6NWyU/h5G5U0aezjS+slXS ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\LEC y1M\!!! YOUR FILES ARE ENCRYPTED !!!.TXT	MD5: 559a25ec1177b15b54ed42a21d1db4a1 SHA1: af6679b98ef9f45a3ed03b0f399b5fa1db113c6e SHA256: 37bd026a2c410d5ce2bf0598b13178fe24e5e57d7fd14458855244ce4fb2dbd5 SSDeep: 6:a9xCSfmfKu9Z3cong2cGpI0QKVmVCXLr34YKnG3KUsLmbmsIhWHrpN2claaMnRg0:a9zefDeog2cGcV64i3mkNnatUY ImpHash: None	Access, Write	Dropped File
C:\Users\FD1HVy\Desktop\LEC y1M\1XiaHqRLQcN.jpg	MD5: 8c89a5fa8babbe9e4c35fa9bd57064a1 SHA1: 306e28280aff1c487578cdc1eace2e19cc1f8ad5 SHA256: c0902785364791c7ea715cc0f459939f12adc227575c4ea91cbe42c12b11e01d SSDeep: 768:FO30FjesyijqjWPl8DI9V1ds3guUB7iftuCzZt/slzu:T1tm+X9V1wUOfUW3/czu ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\LEC y1M\1XiaHqRLQcN.jpg.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 8c89a5fa8babbe9e4c35fa9bd57064a1 SHA1: 306e28280aff1c487578cdc1eace2e19cc1f8ad5 SHA256: c0902785364791c7ea715cc0f459939f12adc227575c4ea91cbe42c12b11e01d SSDeep: 768:FO30FjesyijqjWPl8DI9V1ds3guUB7iftuCzZt/slzu:T1tm+X9V1wUOfUW3/czu ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\LEC y1M\2t6b1Wgb.mp4	MD5: c05ce78794619752d2f7390c863d1fd4 SHA1: 2734bc2ab1d9785b31a157194c4db86d59b388ed SHA256: 5eca1b5bd21e25e219d4d78ab3d352e11bf3d70c2aa2ef58b0ba57867b42af61 SSDeep: 768:NKF7zWPG8meL7kI/SzJ4ka1lWb8CjWhIzvXDe9bQY/8GBksOJRyvu:NWWZElfa1QHj9zv69R8sxO3ku ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\LEC y1M\2t6b1Wgb.mp4.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: c05ce78794619752d2f7390c863d1fd4 SHA1: 2734bc2ab1d9785b31a157194c4db86d59b388ed SHA256: 5eca1b5bd21e25e219d4d78ab3d352e11bf3d70c2aa2ef58b0ba57867b42af61 SSDeep: 768:NKF7zWPG8meL7kI/SzJ4ka1lWb8CjWhIzvXDe9bQY/8GBksOJRyvu:NWWZElfa1QHj9zv69R8sxO3ku ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\LEC y1M\aHlckfoF9Df PJtrnP.mp3	MD5: 65dd98d0cf874160fec4c20a52418470 SHA1: 6e2d67c638c281b312d4c2e76f515a984dfc3064 SHA256: 97bc028e768e9d8f0faa08509211e2000e09d9ce3bbadcd8fba333ec3323f21e SSDeep: 1536:mEh8mDPTtqw0mxU0Kb6IIHgDS5ZtFk7Qy8E0T5vHrkTsNRjTxHn+j+u:mgHDRqw3/KWIIADS558dGwAbjTs1 ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\LEC y1M\aHlckfoF9Df PJtrnP.mp3.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 65dd98d0cf874160fec4c20a52418470 SHA1: 6e2d67c638c281b312d4c2e76f515a984dfc3064 SHA256: 97bc028e768e9d8f0faa08509211e2000e09d9ce3bbadcd8fba333ec3323f21e SSDeep: 1536:mEh8mDPTtqw0mxU0Kb6IIHgDS5ZtFk7Qy8E0T5vHrkTsNRjTxHn+j+u:mgHDRqw3/KWIIADS558dGwAbjTs1 ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\LEC y1M\Br2U44.m4a	MD5: 308ef9e4323e4f08f961e3554fccfd8d SHA1: ef4e04dbaddaac27b780feda5e450818b03701f5 SHA256: 9fd03803159ea75f1678c9d418320257a377a1c121fff360aae67676da8cf81e SSDeep: 1536:UKeIuvEx5863RTSYW87MW5jMTpsWCsL7N+pTfo+nMu:VAvRaRTVxQW5jMCW7L7N+pDjr ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\LEC y1M\Br2U44.m4a.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 308ef9e4323e4f08f961e3554fccfd8d SHA1: ef4e04dbaddaac27b780feda5e450818b03701f5 SHA256: 9fd03803159ea75f1678c9d418320257a377a1c121fff360aae67676da8cf81e SSDeep: 1536:UKeIuvEx5863RTSYW87MW5jMTpsWCsL7N+pTfo+nMu:VAvRaRTVxQW5jMCW7L7N+pDjr ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\LEC y1M\GQFmK U7yfly.mp3	MD5: 6786069ed39884b8fcece5b31e039dd5 SHA1: e4c73b18d710513c1675fc8ea4a6334850df4e3a SHA256: 8a90e4f3d832ec7df076599a13ed332b2a999770c62d3882ebe94c8c6ca73a6a SSDeep: 1536:Xvusx1w2NgswF2sNDLwnj1ULuSYv9ZtK/ZMRGhMeb1IKC6MQcbuu:XvusnZvwgsNDLwmM/IxMkhMeRIKZMQcB ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\LEC y1M\GQFmK U7yfly.mp3.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 6786069ed39884b8fcece5b31e039dd5 SHA1: e4c73b18d710513c1675fc8ea4a6334850df4e3a SHA256: 8a90e4f3d832ec7df076599a13ed332b2a999770c62d3882ebe94c8c6ca73a6a SSDeep: 1536:Xvusx1w2NgswF2sNDLwnj1ULuSYv9ZtK/ZMRGhMeb1IKC6MQcbuu:XvusnZvwgsNDLwmM/IxMkhMeRIKZMQcB ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\LEC y1M\OOE5fKcEdsHQz8B4.ods	MD5: ac0c48b2192491bb4fe73edafecd4999 SHA1: 6955a363cbe213094b7e9dd1b66ec6f04447964e SHA256: 2e99ecef8712b93a5240e3bdbb23e30dd03b1b8a4d914f5255e386c5311f3234 SSDeep: 1536:IFVCVp7DQI6BT8IbWZQAFGwnKY3X49IeSWroUYf8rQxq6OLYehPS8iIRBEu:IFVypHcWZPKYH9U88MxqJ8YKDIf ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\LEC y1M\OOE5fKcEdsHQz8B4.ods.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: ac0c48b2192491bb4fe73edafecd4999 SHA1: 6955a363cbe213094b7e9dd1b66ec6f04447964e SHA256: 2e99ecef8712b93a5240e3bdbb23e30dd03b1b8a4d914f5255e386c5311f3234 SSDeep: 1536:IFVCVp7DQI6BT8IbWZQAFGwnKY3X49IeSWroUYf8rQxq6OLYehPS8iIRBEu:IFVypHcWZPKYH9U88MxqJ8YKDIf ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\LEC y1M\se4L.png	MD5: a5fda91c94cca4b4d4fffa9c9ce9c9c2 SHA1: dcd5eddebc17fd0d4384e26dcb2da0334bed77f7 SHA256: b0e018a5816c6c2cbc9b23f8bc10e6776e46c9c1d1a61e5e8cc3299688c080a0 SSDeep: 96:wAKS7mIwlZI/7WJas8fJAjmt3yR8Rt68rPZVgrxD36n+VCtJSdV2Hfq+GOgQgk+:wZSII/7JFJAjx8RrV+zosCtJcROX+ ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\LEC y1M\se4L.png.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: a5fda91c94cca4b4d4fffa9c9ce9c9c2 SHA1: dcd5eddebc17fd0d4384e26dcb2da0334bed77f7 SHA256: b0e018a5816c6c2cbc9b23f8bc10e6776e46c9c1d1a61e5e8cc3299688c080a0 SSDeep: 96:wAKS7mIwlZI/7WJas8fJAjmt3yR8Rt68rPZVgrxD36n+VCtJSdV2Hfq+GOgQgk+:wZSII/7JFJAjx8RrV+zosCtJcROX+ ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\N5glZ_ot2BPg.swf	MD5: 9744daf6a50bcbd27e070d7b93770eb2 SHA1: 61ec10baf39e3c596bca909014d28272b256a79c SHA256: 0ded16d0dafc4dd41a49977f43d0b9078694466e103006f9406820b7e5567a92 SSDeep: 1536:SECKn4iMggLmmmgo6j4i6ycohnUJBwGMZj9hiE+i3AaBjfVt0S/C0u:SsvgLmTUjTBcohnUJBZ8je61fVtKj ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\N5glZ_ot2BPg.swf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 9744daf6a50bcbd27e070d7b93770eb2 SHA1: 61ec10baf39e3c596bca909014d28272b256a79c SHA256: 0ded16d0dafc4dd41a49977f43d0b9078694466e103006f9406820b7e5567a92 SSDeep: 1536:SECKn4iMggLmmmgo6j4i6ycohnUJBwGMZj9hiE+i3AaBjfVt0S/C0u:SsvgLmTUjTBcohnUJBZ8je61fVtKj ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\NVChGlevkoRjEh-4.ppt	MD5: 1ea83511ac665cba04579f5c568b4229 SHA1: 36cfb1749dda55109a5005f592d745c0aed021d1 SHA256: 3ce1d68a91fc39fc36d4575fbc89b59b6f7db951785481191fcc25d0acab2648 SSDeep: 384:+OpLwiD/w/RSZBe5vZtI1JbssjMq0nDcAJfgmMO+A2FNEmemvQwLLWDIQu:5pvM/R8Be5HiJxjMLwiWNEm/QcM5u ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\NVChGlevkoRjEh-4.ppt.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 1ea83511ac665cba04579f5c568b4229 SHA1: 36cfb1749dda55109a5005f592d745c0aed021d1 SHA256: 3ce1d68a91fc39fc36d4575fbc89b59b6f7db951785481191fcc25d0acab2648 SSDeep: 384:+OpLwiD/w/RSZBe5vZtI1JbssjMq0nDcAJfgmMO+A2FNEmemvQwLLWDIQu:5pvM/R8Be5HiJxjMLwiWNEm/QcM5u ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\QsFi7A0Ff-4Zif40.flv	MD5: 6b2f0fb86e5e3ca11a743d77b3a3c1a8 SHA1: 81d48702c842320a759c6b17b4050b584ed13583 SHA256: fea2a3e530940e5e2fcbaae597518052426b793b76e7abf0912f2ea08a972291 SSDeep: 1536:KeEhc01ifJBH8b6KqPbpjvGgKIEHM9ULTPYEHsBU6/jCNu:KeEhfGBHdfbpjvGgK1HMk0XBUQjC0 ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\QsFi7A0Ff-4Zif40.flv.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 6b2f0fb86e5e3ca11a743d77b3a3c1a8 SHA1: 81d48702c842320a759c6b17b4050b584ed13583 SHA256: fea2a3e530940e5e2fcbaae597518052426b793b76e7abf0912f2ea08a972291 SSDeep: 1536:KeEhc01ifJBH8b6KqPbpjvGgKIEHM9ULTPYEHsBU6/jCNu:KeEhfGBHdfbpjvGgK1HMk0XBUQjC0 ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\rqNverwPZv42JV.flv	MD5: a0b0234d2a6d68df561eb3b0a146cffe SHA1: 30ed007474dda5e71f113c893d64563f6465e8f1 SHA256: ec0f1b8654cd9575fc3b1a07565efc58482d65e84a5bcac310d1df50ce6f3506 SSDeep: 768:9k081Ln0EtcI6t5s0ZK4B71GXTv37Ax3/SZPk+cFRsuTWLiRbnsMbJRQ4I07XxV0:u31Ln3c75sixe7Uh/SUFRswRZVQTKu ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\rqNverwPZv42JV.flv.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: a0b0234d2a6d68df561eb3b0a146cffe SHA1: 30ed007474dda5e71f113c893d64563f6465e8f1 SHA256: ec0f1b8654cd9575fc3b1a07565efc58482d65e84a5bcac310d1df50ce6f3506 SSDeep: 768:9k081Ln0EtcI6t5s0ZK4B71GXTv37Ax3/SZPk+cFRsuTWLiRbnsMbJRQ4I07XxV0:u31Ln3c75sixe7Uh/SUFRswRZVQTKu ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\SGkLqISAYkg22NMe.swf	MD5: d5987d3bb3e153eff38c2949418dbf27 SHA1: c8c9151a19d6647e6362e844b9c59a7a8615ca38 SHA256: 4b673280191b06c1a8368cbceae6b854e48d3990b206e6ab9d9bc1b1c4c1c65d SSDeep: 768:WrEegNNOdYIoN4NXHlt+Df/j83fmFB+4ifnVQDUKvsiZJp1cG90X6mOXmmIknyrh:LeiNOVg4NXiDnI3fmH4VgUjiPp1cGI6W ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\SGkLqISAYkg22NMe.swf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: d5987d3bb3e153eff38c2949418dbf27 SHA1: c8c9151a19d6647e6362e844b9c59a7a8615ca38 SHA256: 4b673280191b06c1a8368cbceae6b854e48d3990b206e6ab9d9bc1b1c4c1c65d SSDeep: 768:WrEegNNOdYIoN4NXHlt+Df/j83fmFB+4ifnVQDUKvsiZJp1cG90X6mOXmmIknyrh:LeiNOVg4NXiDnI3fmH4VgUjiPp1cGI6W ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\T8ss-NNC6a.png	MD5: 02ab63002ba773f0d621aa518efba026 SHA1: 0451a2d8ec76b168409427b7b2d5c925f1d99cf7 SHA256: cfe39bb8fccd1825ac63799867dd4ac97b1a0787153a61d447f14903062a5785 SSDeep: 96:KxLsLbZq2YGqjc9iLcSpijLR3aE7B+GOgQgk+:eLyLhqjc94QA2BROX+ ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\T8ss-NNC6a.png.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 02ab63002ba773f0d621aa518efba026 SHA1: 0451a2d8ec76b168409427b7b2d5c925f1d99cf7 SHA256: cfe39bb8fccd1825ac63799867dd4ac97b1a0787153a61d447f14903062a5785 SSDeep: 96:KxLsLbZq2YGqjc9iLcSpijLR3aE7B+GOgQgk+:eLyLhqjc94QA2BROX+ ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\tps2Xi4Z_o.flv	MD5: 04a0c62f0a136a424baaec3c36eb6574 SHA1: c97fe77c6d037dbad7568ee2714f5f9b9921132a SHA256: f28e596eaf6144ebb1f9ca5b1db0a6f8592f97d150c647a21a6c540d583463f9 SSDeep: 1536:cqMRwh139ZBLAsG6JSGrwZscgxABg7eXzQ7v4psFVD4jGKGwh7u:Qm3dAmrP1xt0zQ7Ap4D4SZ ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\tps2Xi4Z_o.flv.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 04a0c62f0a136a424baaec3c36eb6574 SHA1: c97fe77c6d037dbad7568ee2714f5f9b9921132a SHA256: f28e596eaf6144ebb1f9ca5b1db0a6f8592f97d150c647a21a6c540d583463f9 SSDeep: 1536:cqMRwh139ZBLAsG6JSGrwZscgxABg7eXzQ7v4psFVD4jGKGwh7u:Qm3dAmrP1xt0zQ7Ap4D4SZ ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\Um03CTlTx2.mp4	MD5: 8dd86a1e4120d473ca5ddf8de1a0709e SHA1: be6ce787dad26e74364ea12f06b0c8ea921dd61d SHA256: b350485a565b3c0f3d4a73b80786dd40b33167f9a6cca78f60d56fbc8632e6b6 SSDeep: 1536:FKxpNA7zFkqn1et/5Augu2zEqusaXEnes2aYmh3uSRRKGjeT9dJgCpjO5snu:eNSFkqi5bgFdaXEe+Ymh3uSRpIc5n ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\Um03CTlTx2.mp4.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 8dd86a1e4120d473ca5ddf8de1a0709e SHA1: be6ce787dad26e74364ea12f06b0c8ea921dd61d SHA256: b350485a565b3c0f3d4a73b80786dd40b33167f9a6cca78f60d56fbc8632e6b6 SSDeep: 1536:FKxpNA7zFkqn1et/5Augu2zEqusaXEnes2aYmh3uSRRKGjeT9dJgCpjO5snu:eNSFkqi5bgFdaXEe+Ymh3uSRpIc5n ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\UWyo BXoBgCXp.mp3	MD5: 2ee7b14f971f8b1ea4bd0dca1f696e9c SHA1: d13e50507a3c739764957bc3148d254cf3d67f64 SHA256: 4e726636762a7613695d11ddecd1f8c4495aa495a960adbac136fa73034b2b1b SSDeep: 1536:Sv4AvmmzIyy+hxdVEUucKCTSgV8CNCRu9J6BIoqTDZzH/GVE13jryguzDN+RjhUF:SQ/XyhWUucKCu0Cgo2tDpNygaNEuIG ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\UWyo BXoBgCXp.mp3.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 2ee7b14f971f8b1ea4bd0dca1f696e9c SHA1: d13e50507a3c739764957bc3148d254cf3d67f64 SHA256: 4e726636762a7613695d11ddecd1f8c4495aa495a960adbac136fa73034b2b1b SSDeep: 1536:Sv4AvmmzIyy+hxdVEUucKCTSgV8CNCRu9J6BIoqTDZzH/GVE13jryguzDN+RjhUF:SQ/XyhWUucKCu0Cgo2tDpNygaNEuIG ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\vPNd5r.m4a	MD5: aa25d26e0430ce6328cf3e3d71a79854 SHA1: 7edba89ece21e727249d64594332e7b71a302337 SHA256: 32d76769e72244ab2c1228bc85ac6f1d4224647b43b0ec2c5891e6866b58689e SSDeep: 1536:6sNjnLxFp3pPSpr0AsVWCGiWaUMJYOL0vYiF5yz/nn/Jq7En+/ejXWb6VXubu:6w3xFp5KfSzVUMJ50giF4zHJq7E+Nb6N ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\vPNd5r.m4a.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: aa25d26e0430ce6328cf3e3d71a79854 SHA1: 7edba89ece21e727249d64594332e7b71a302337 SHA256: 32d76769e72244ab2c1228bc85ac6f1d4224647b43b0ec2c5891e6866b58689e SSDeep: 1536:6sNjnLxFp3pPSpr0AsVWCGiWaUMJYOL0vYiF5yz/nn/Jq7En+/ejXWb6VXubu:6w3xFp5KfSzVUMJ50giF4zHJq7E+Nb6N ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\WngvlI9HhGNFIHt.doc	MD5: d5d4492aa3c47ae18ecb72c3a830d73b SHA1: ed57c286f81a1f1cc26a5ec3beecf337449b7dfa SHA256: 7025f0cfd77585b0dc237cafd0eabe36f6892b6bf77593ab12fc668eded7a25e SSDeep: 1536:kViu2B+LBxMUZNFCFRHh5TpuaM4FQHDNJ7JzEQ5ry8c7zSDu:rB+LUy2540Qj7JhM8QzSq ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\WngvlI9HhGNFIHt.doc.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: d5d4492aa3c47ae18ecb72c3a830d73b SHA1: ed57c286f81a1f1cc26a5ec3beecf337449b7dfa SHA256: 7025f0cfd77585b0dc237cafd0eabe36f6892b6bf77593ab12fc668eded7a25e SSDeep: 1536:kViu2B+LBxMUZNFCFRHh5TpuaM4FQHDNJ7JzEQ5ry8c7zSDu:rB+LUy2540Qj7JhM8QzSq ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\XLMOBIDgt-65GJKBZs.mp4	MD5: 77d8c6fdf4936bd6520ecf6399a22c27 SHA1: f72ffed86e9772c3322df0a528040f141dfcc690 SHA256: 8b98ef71db479917960c2482cf796b7cd25d1a7132223489d59a5f6b74520259 SSDeep: 384:cLbFcakDrNJN759JO9ihapnrrMucr+YInIth+5aCBmQu:c1cpA9fnf2r8nc+cCB3u ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\XLMOBIDgt-65GJKBZs.mp4.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: 77d8c6fdf4936bd6520ecf6399a22c27 SHA1: f72ffed86e9772c3322df0a528040f141dfcc690 SHA256: 8b98ef71db479917960c2482cf796b7cd25d1a7132223489d59a5f6b74520259 SSDeep: 384:cLbFcakDrNJN759JO9ihapnrrMucr+YInIth+5aCBmQu:c1cpA9fnf2r8nc+cCB3u ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\yBv.jpg	MD5: e7f5dd6703f0d535cdd52613f5daf00b SHA1: 89b156f121e4c85501cb1ad90858a556447022e8 SHA256: b5f291ce74ddea7399c0f4ccaefa58bb620ff197762b697f2688151fb15a11ec SSDeep: 768:ZmhW2C/NgGGXzLRe7RQeNOWYEmPwAJYdPtiozKx6MSctraNwQiEHwr7LyKnHRH+f:hXuGMUFTOWYEvA6dfSZ7qrQvLVnHlx3u ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\yBv.jpg.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: e7f5dd6703f0d535cdd52613f5daf00b SHA1: 89b156f121e4c85501cb1ad90858a556447022e8 SHA256: b5f291ce74ddea7399c0f4ccaefa58bb620ff197762b697f2688151fb15a11ec SSDeep: 768:ZmhW2C/NgGGXzLRe7RQeNOWYEmPwAJYdPtiozKx6MSctraNwQiEHwr7LyKnHRH+f:hXuGMUFTOWYEvA6dfSZ7qrQvLVnHlx3u ImpHash: None	Access	Dropped File
C:\Users\FD1HVy\Desktop\za7tguGWEH8Un6nT2.rtf	MD5: db24828c9447ed9074c61f05e48e6aa6 SHA1: 7446bfe80749b3099b0b1af69acdaedc998cf318 SHA256: 4b7d1fdafb1866f4e58a4354d77f045145a29a0499a290d5002d3a4b232f57fc SSDeep: 1536:fTIQ4Dcte9LOJ0F0cF0ioEyuBQhDYgYS5z4orhzu:cQRte9LOJ0e2cusBR0Qa ImpHash: None	Access, Read, Write	Modified File
C:\Users\FD1HVy\Desktop\za7tguGWEH8Un6nT2.rtf.E5A57CBB-C8F5-8ECD-FBE7-0F42DE6C2FE2	MD5: db24828c9447ed9074c61f05e48e6aa6 SHA1: 7446bfe80749b3099b0b1af69acdaedc998cf318 SHA256: 4b7d1fdafb1866f4e58a4354d77f045145a29a0499a290d5002d3a4b232f57fc SSDeep: 1536:fTIQ4Dcte9LOJ0F0cF0ioEyuBQhDYgYS5z4orhzu:cQRte9LOJ0e2cusBR0Qa ImpHash: None	Access	Dropped File
C:\WINDOWS\system32	-	Access
System Paging File	-	Read, Write

Registry (31)

»

Registry Key Name	Operations
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	Access
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe	Read, Write
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Access
HKEY_CURRENT_USER\Software\Borland\Locales	Access
HKEY_CURRENT_USER\Software\Buran	Access
HKEY_CURRENT_USER\Software\Buran\Knock	Read, Write
HKEY_CURRENT_USER\Software\Buran\Service	Access
HKEY_CURRENT_USER\Software\Buran\Service\Private	Read, Write
HKEY_CURRENT_USER\Software\Buran\Service\Public	Read, Write
HKEY_CURRENT_USER\Software\Buran\Stop	Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor	Access
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun	Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar	Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor	Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion	Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck	Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions	Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar	Read
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System	Access
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes	Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2	Read
HKEY_LOCAL_MACHINE\Software\Borland\Locales	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun	Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar	Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor	Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion	Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck	Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions	Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar	Read

Domain (1)

»

Domain	Sources
iplogger.ru	PCAP, Function Log

URL (1)

»

URL	Operations	Sources
iplogger.ru/http://iplogger.info/1jqu87.html	GET	PCAP, Function Log

IP (1)

»

IP	Protocols	Sources
88.99.66.31	HTTP, TCP	PCAP, Function Log

Remarks (1/1)

Indicators

Before

After