db8b499d...e785

C:\Users\FD1HVy\Desktop\asdjasfhdlkfadfhds.exe1.exe

Sample File

Binary

Malicious

»

Mime Type	application/vnd.microsoft.portable-executable
File Size	228.50 KB
MD5	e134d5a91ed31516566a091c0caa76fe
SHA1	260c54f8ef9450d2366794f35d0b291bdc133ec5
SHA256	db8b499d613b604a439bca37c3be2f578bdfcde1b2271eccbcf22db85996e785
SSDeep	3072:PaOtRGsL8/MmCtAyBsli4bnQC2mCr/yXt5NKMxyNuX987URxf+zgTP7VZKf:PhGsL8kfAyBslvAyd3KMxomvf+iC
ImpHash	c4aad01e653e8700334c4e14fafa9909

File Reputation Information

»

Severity	Blacklisted
First Seen	2020-01-09 18:55 (UTC+1)
Last Seen	2020-01-17 02:39 (UTC+1)
Names	Win32.Trojan.Azden
Families	Azden
Classification	Trojan

PE Information

»

Image Base	0x400000
Entry Point	0x414751
Size Of Code	0x2b200
Size Of Initialized Data	0x10800
File Type	FileType.executable
Subsystem	Subsystem.windows_cui
Machine Type	MachineType.i386
Compile Timestamp	2020-01-08 15:44:12+00:00

Sections (6)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x2b065	0x2b200	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.69
.rdata	0x42d000	0xa3c2	0xa400	0x2b600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.64
.data	0x438000	0x4338	0x1800	0x35a00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.24
.gfids	0x43d000	0xb0	0x200	0x37200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	1.88
.rsrc	0x43e000	0x1e0	0x200	0x37400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.72
.reloc	0x43f000	0x1b4c	0x1c00	0x37600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	6.6

Imports (2)

»

KERNEL32.dll (79)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetModuleHandleA	0x0	0x42d010	0x36c7c	0x3527c	0x264
LoadLibraryA	0x0	0x42d014	0x36c80	0x35280	0x3a5
GetComputerNameA	0x0	0x42d018	0x36c84	0x35284	0x1ce
CreateProcessA	0x0	0x42d01c	0x36c88	0x35288	0xd7
GetProcAddress	0x0	0x42d020	0x36c8c	0x3528c	0x29d
GetLastError	0x0	0x42d024	0x36c90	0x35290	0x250
QueryPerformanceCounter	0x0	0x42d028	0x36c94	0x35294	0x42d
GetDriveTypeA	0x0	0x42d02c	0x36c98	0x35298	0x21e
UnhandledExceptionFilter	0x0	0x42d030	0x36c9c	0x3529c	0x582
SetUnhandledExceptionFilter	0x0	0x42d034	0x36ca0	0x352a0	0x543
GetCurrentProcess	0x0	0x42d038	0x36ca4	0x352a4	0x209
TerminateProcess	0x0	0x42d03c	0x36ca8	0x352a8	0x561
IsProcessorFeaturePresent	0x0	0x42d040	0x36cac	0x352ac	0x36d
GetCurrentProcessId	0x0	0x42d044	0x36cb0	0x352b0	0x20a
GetCurrentThreadId	0x0	0x42d048	0x36cb4	0x352b4	0x20e
GetSystemTimeAsFileTime	0x0	0x42d04c	0x36cb8	0x352b8	0x2d6
InitializeSListHead	0x0	0x42d050	0x36cbc	0x352bc	0x34b
IsDebuggerPresent	0x0	0x42d054	0x36cc0	0x352c0	0x367
GetStartupInfoW	0x0	0x42d058	0x36cc4	0x352c4	0x2be
GetModuleHandleW	0x0	0x42d05c	0x36cc8	0x352c8	0x267
RtlUnwind	0x0	0x42d060	0x36ccc	0x352cc	0x4ad
SetLastError	0x0	0x42d064	0x36cd0	0x352d0	0x50b
EnterCriticalSection	0x0	0x42d068	0x36cd4	0x352d4	0x125
LeaveCriticalSection	0x0	0x42d06c	0x36cd8	0x352d8	0x3a2
DeleteCriticalSection	0x0	0x42d070	0x36cdc	0x352dc	0x105
InitializeCriticalSectionAndSpinCount	0x0	0x42d074	0x36ce0	0x352e0	0x348
TlsAlloc	0x0	0x42d078	0x36ce4	0x352e4	0x573
TlsGetValue	0x0	0x42d07c	0x36ce8	0x352e8	0x575
TlsSetValue	0x0	0x42d080	0x36cec	0x352ec	0x576
TlsFree	0x0	0x42d084	0x36cf0	0x352f0	0x574
FreeLibrary	0x0	0x42d088	0x36cf4	0x352f4	0x19e
LoadLibraryExW	0x0	0x42d08c	0x36cf8	0x352f8	0x3a7
ExitProcess	0x0	0x42d090	0x36cfc	0x352fc	0x151
GetModuleHandleExW	0x0	0x42d094	0x36d00	0x35300	0x266
MultiByteToWideChar	0x0	0x42d098	0x36d04	0x35304	0x3d1
CloseHandle	0x0	0x42d09c	0x36d08	0x35308	0x7f
CreateThread	0x0	0x42d0a0	0x36d0c	0x3530c	0xe8
ExitThread	0x0	0x42d0a4	0x36d10	0x35310	0x152
ResumeThread	0x0	0x42d0a8	0x36d14	0x35314	0x4a8
FreeLibraryAndExitThread	0x0	0x42d0ac	0x36d18	0x35318	0x19f
ReadFile	0x0	0x42d0b0	0x36d1c	0x3531c	0x450
GetStdHandle	0x0	0x42d0b4	0x36d20	0x35320	0x2c0
WriteFile	0x0	0x42d0b8	0x36d24	0x35324	0x5e1
GetModuleFileNameA	0x0	0x42d0bc	0x36d28	0x35328	0x262
WideCharToMultiByte	0x0	0x42d0c0	0x36d2c	0x3532c	0x5cd
GetCommandLineA	0x0	0x42d0c4	0x36d30	0x35330	0x1c8
GetCommandLineW	0x0	0x42d0c8	0x36d34	0x35334	0x1c9
GetACP	0x0	0x42d0cc	0x36d38	0x35338	0x1a4
HeapFree	0x0	0x42d0d0	0x36d3c	0x3533c	0x333
HeapAlloc	0x0	0x42d0d4	0x36d40	0x35340	0x32f
GetConsoleMode	0x0	0x42d0d8	0x36d44	0x35344	0x1ee
ReadConsoleW	0x0	0x42d0dc	0x36d48	0x35348	0x44e
GetConsoleCP	0x0	0x42d0e0	0x36d4c	0x3534c	0x1dc
CompareStringW	0x0	0x42d0e4	0x36d50	0x35350	0x93
LCMapStringW	0x0	0x42d0e8	0x36d54	0x35354	0x396
MoveFileExW	0x0	0x42d0ec	0x36d58	0x35358	0x3ca
GetFileType	0x0	0x42d0f0	0x36d5c	0x3535c	0x23e
GetFileAttributesExW	0x0	0x42d0f4	0x36d60	0x35360	0x232
SetFilePointerEx	0x0	0x42d0f8	0x36d64	0x35364	0x4fd
GetStringTypeW	0x0	0x42d0fc	0x36d68	0x35368	0x2c5
HeapReAlloc	0x0	0x42d100	0x36d6c	0x3536c	0x336
FindClose	0x0	0x42d104	0x36d70	0x35370	0x168
FindFirstFileExA	0x0	0x42d108	0x36d74	0x35374	0x16d
FindNextFileA	0x0	0x42d10c	0x36d78	0x35378	0x17d
IsValidCodePage	0x0	0x42d110	0x36d7c	0x3537c	0x372
GetOEMCP	0x0	0x42d114	0x36d80	0x35380	0x286
GetCPInfo	0x0	0x42d118	0x36d84	0x35384	0x1b3
GetEnvironmentStringsW	0x0	0x42d11c	0x36d88	0x35388	0x227
FreeEnvironmentStringsW	0x0	0x42d120	0x36d8c	0x3538c	0x19d
SetEnvironmentVariableA	0x0	0x42d124	0x36d90	0x35390	0x4ed
SetStdHandle	0x0	0x42d128	0x36d94	0x35394	0x522
GetProcessHeap	0x0	0x42d12c	0x36d98	0x35398	0x2a2
FlushFileBuffers	0x0	0x42d130	0x36d9c	0x3539c	0x192
CreateFileW	0x0	0x42d134	0x36da0	0x353a0	0xc2
WriteConsoleW	0x0	0x42d138	0x36da4	0x353a4	0x5e0
HeapSize	0x0	0x42d13c	0x36da8	0x353a8	0x338
SetEndOfFile	0x0	0x42d140	0x36dac	0x353ac	0x4ea
DecodePointer	0x0	0x42d144	0x36db0	0x353b0	0xfe
RaiseException	0x0	0x42d148	0x36db4	0x353b4	0x440

ADVAPI32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CryptReleaseContext	0x0	0x42d000	0x36c6c	0x3526c	0xdb
CryptAcquireContextA	0x0	0x42d004	0x36c70	0x35270	0xc0
CryptGenRandom	0x0	0x42d008	0x36c74	0x35274	0xd1

Exports (74)

»

Api name	EAT Address	Ordinal
_cJSON_AddArrayToObject@8	0x10ed0	0x1
_cJSON_AddBoolToObject@12	0x10f80	0x2
_cJSON_AddFalseToObject@8	0x11030	0x3
_cJSON_AddItemReferenceToArray@8	0x110e0	0x4
_cJSON_AddItemReferenceToObject@12	0x11130	0x5
_cJSON_AddItemToArray@8	0x111b0	0x6
_cJSON_AddItemToObject@12	0x111f0	0x7
_cJSON_AddItemToObjectCS@12	0x11260	0x8
_cJSON_AddNullToObject@8	0x112c0	0x9
_cJSON_AddNumberToObject@16	0x11370	0xa
_cJSON_AddObjectToObject@8	0x11450	0xb
_cJSON_AddRawToObject@12	0x11500	0xc
_cJSON_AddStringToObject@12	0x11590	0xd
_cJSON_AddTrueToObject@8	0x11620	0xe
_cJSON_Compare@12	0x116d0	0xf
_cJSON_CreateArray@0	0x119b0	0x10
_cJSON_CreateArrayReference@4	0x119e0	0x11
_cJSON_CreateBool@4	0x11a20	0x12
_cJSON_CreateDoubleArray@8	0x11a60	0x13
_cJSON_CreateFalse@0	0x11b00	0x14
_cJSON_CreateFloatArray@8	0x11b30	0x15
_cJSON_CreateIntArray@8	0x11bd0	0x16
_cJSON_CreateNull@0	0x11c70	0x17
_cJSON_CreateNumber@8	0x11ca0	0x18
_cJSON_CreateObject@0	0x11d10	0x19
_cJSON_CreateObjectReference@4	0x11d40	0x1a
_cJSON_CreateRaw@4	0x11d80	0x1b
_cJSON_CreateString@4	0x11e10	0x1c
_cJSON_CreateStringArray@8	0x11ea0	0x1d
_cJSON_CreateStringReference@4	0x11f30	0x1e
_cJSON_CreateTrue@0	0x11f70	0x1f
_cJSON_Delete@4	0x11fb0	0x20
_cJSON_DeleteItemFromArray@8	0x12030	0x21
_cJSON_DeleteItemFromObject@8	0x12050	0x22
_cJSON_DeleteItemFromObjectCaseSensitive@8	0x120c0	0x23
_cJSON_DetachItemFromArray@8	0x12130	0x24
_cJSON_DetachItemFromObject@8	0x121a0	0x25
_cJSON_DetachItemFromObjectCaseSensitive@8	0x12200	0x26
_cJSON_DetachItemViaPointer@8	0x12260	0x27
_cJSON_Duplicate@8	0x122b0	0x28
_cJSON_GetArrayItem@8	0x123a0	0x29
_cJSON_GetArraySize@4	0x123d0	0x2a
_cJSON_GetErrorPtr@0	0x12400	0x2b
_cJSON_GetObjectItem@8	0x12410	0x2c
_cJSON_GetObjectItemCaseSensitive@8	0x12430	0x2d
_cJSON_GetStringValue@4	0x12450	0x2e
_cJSON_HasObjectItem@8	0x12480	0x2f
_cJSON_InitHooks@4	0x124a0	0x30
_cJSON_InsertItemInArray@12	0x12530	0x31
_cJSON_IsArray@4	0x125a0	0x32
_cJSON_IsBool@4	0x125c0	0x33
_cJSON_IsFalse@4	0x125e0	0x34
_cJSON_IsInvalid@4	0x12600	0x35
_cJSON_IsNull@4	0x12620	0x36
_cJSON_IsNumber@4	0x12640	0x37
_cJSON_IsObject@4	0x12660	0x38
_cJSON_IsRaw@4	0x12680	0x39
_cJSON_IsString@4	0x126a0	0x3a
_cJSON_IsTrue@4	0x126c0	0x3b
_cJSON_Minify@4	0x126e0	0x3c
_cJSON_Parse@4	0x127f0	0x3d
_cJSON_ParseWithOpts@12	0x12810	0x3e
_cJSON_Print@4	0x12990	0x3f
_cJSON_PrintBuffered@12	0x129b0	0x40
_cJSON_PrintPreallocated@16	0x12a70	0x41
_cJSON_PrintUnformatted@4	0x12b10	0x42
_cJSON_ReplaceItemInArray@12	0x12b30	0x43
_cJSON_ReplaceItemInObject@12	0x12b80	0x44
_cJSON_ReplaceItemInObjectCaseSensitive@12	0x12ba0	0x45
_cJSON_ReplaceItemViaPointer@12	0x12bc0	0x46
_cJSON_SetNumberHelper@12	0x12c30	0x47
_cJSON_Version@0	0x12c90	0x48
_cJSON_free@4	0x12cb0	0x49
_cJSON_malloc@4	0x12cd0	0x4a

Memory Dumps (1)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	AV	YARA	Actions
asdjasfhdlkfadfhds.exe1.exe	1	0x01330000	0x01370FFF	Relevant Image		32-bit	0x01346446			... Memory Dump Actions Go to Process Download Dump

C:\588bce7c90097ed212\SplashScreen.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\SplashScreen.bmp.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	41.13 KB
MD5	7c15bcf730ace50f044b433d8019965b
SHA1	b00fb6896523b6720b3f993a89dcfc828da091d4
SHA256	7b52c9ba3ae646bc0d916443ff71e76b9a0e0c2bb2ff8f9b7f4764f07a53924b
SSDeep	768:8js4oLl/ETwS9dYVWzZC5o7RPrNxfdz1scs4KyUJswgp25QEFu:8js/NET2kzw5o7l5xV+R4Qzgs5QZ
ImpHash	None

C:\588bce7c90097ed212\header.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\header.bmp.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	4.55 KB
MD5	abd935524010a5d52cbef5d9affd86cd
SHA1	e9a430e4aec2dc115bdbad579994976c7e6fb3e9
SHA256	f75daf41c968796b2809b60973d3ffcba2f2b50a024b257a9bace88627cb3829
SSDeep	96:izkJ4TK7TGBttxIjSoLGmGD1ZjVFHJZGmZdO2nBKYT:n6TK2FIGDvVFHJZNHOMBKG
ImpHash	None

C:\588bce7c90097ed212\1025\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1025\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	8.40 KB
MD5	85cf3105b153e9b1ae0366b1a01a5c61
SHA1	83de63e7b31e988b13c7601d3c8829e7fe15ad99
SHA256	5d69ac7072206451fb2a71bcf6da59eb24b0534ee225c1ca26615a82f03eb473
SSDeep	192:n6TKdfj7Hg7ZBZVtn6KsuOAQx6HfMpJwjeq9Njm9OOaT+ek8D1oMQ+ie:LfjAbVtn65VAQgIKjNOaqek8G9+n
ImpHash	None

C:\588bce7c90097ed212\1028\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1028\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	7.18 KB
MD5	2254b91d2cf014a49c4f56e521472e32
SHA1	51f03389865a30e618179bd1a8ff6beb76d6cbad
SHA256	bc875ef4fcd9f4870768a4361a970b2b40606e2ceb3135a1ce70ac79b0ff1fb8
SSDeep	192:n6TKI+dB6L5UKqbl/edfLR5ZT9ILq3YduCGD9EaVOx2BIk:JOsbl/eP5rCQsEfBIk
ImpHash	None

C:\588bce7c90097ed212\1029\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1029\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	4.65 KB
MD5	328cdda8129c3f90c61d3aded1a5acf2
SHA1	74df61f4b7b2d61041dd41505dc87e397ef4cb5c
SHA256	27dfb6191c42d5c82b56182884b33f5af5a29f0fbe2d65dacea1b612b5c4d0cf
SSDeep	96:izkJ4TK6YGbr7vUT/YFGU2ffz3ZvM2gsyIALESyiZvde:n6TK7YAoZ2fTosyIs5Zvde
ImpHash	None

C:\588bce7c90097ed212\1030\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1030\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	4.26 KB
MD5	a07eb57ce3d875e93a4336b89ea8c829
SHA1	f16b625e23a953bd46045e27363f662d4bf07634
SHA256	e7c659f03445c43766340432d8681594cd48fd576db3c00f1b17373d6426a269
SSDeep	96:izkJ4TKiC2UOjpH8wWIfTUHM+du9WX35poFuwIa:n6TKVCGHwwXugpMj5
ImpHash	None

C:\588bce7c90097ed212\1033\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1033\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	4.13 KB
MD5	18ff9aa0f4ee042aa8c25776fece10cc
SHA1	b184f83ee82e950fbf5c89985fa1170a41840f77
SHA256	dfe46b2a13be6fcef5f1fd436963805ee0676ce5eb01b0fe475bdd07fbe593d7
SSDeep	96:izkJ4TKTxXgUIrqTcSn2qiA5Q47L9eR0/XIH1j6+N91/Ycc:n6TKTVgUA0nnx559eR0/XWzr/Ycc
ImpHash	None

C:\588bce7c90097ed212\1032\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1032\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	9.68 KB
MD5	1777a752396a39a75b4ee458800f4544
SHA1	7e03a03e5ffe11606714a9f2019b77bb00e0d08d
SHA256	e8f3ae5b55bfa377c32076ebcb874bce3caa739cdcaa8af6539c29eae6d2ead3
SSDeep	192:n6TKabGCpgkl4p76flARU4AguH/hdg6PAcNXpGbcwexlI477AkyD:MGCp727cqRdjuvg8XEYBIC8kyD
ImpHash	None

C:\588bce7c90097ed212\1035\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1035\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	4.63 KB
MD5	3458ea68fe9f3172714cb07ad978ffdf
SHA1	f10f5884284bcd0e62241c706637a989586b95f0
SHA256	6940ccb797139492a91aa72289707e77f78c88d5996d78807df730b82ad8b1dc
SSDeep	96:izkJ4TKa5emxGVUrTSqluVa79Mgt3H9vQWoWeZTe0qoCDJc:n6TKaE/iXlFOgbYNq7DC
ImpHash	None

C:\588bce7c90097ed212\1036\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1036\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	4.46 KB
MD5	9a7f543fc21323f6f5112840d7e4b328
SHA1	e01bdd86590bddb7ee04f9e694af366b43905b17
SHA256	ca94d0c77aaf419411c80cb2295d01efb87978f8ab81c04ef1c4337cd7cbee9a
SSDeep	96:izkJ4TK9Eef2PVI8wN9IAoq4GSm/DHwCsvrOqNyWbf0DWY0oKO:n6TK9lfaVIxvI/q4M7wCuOEQDWX9O
ImpHash	None

C:\588bce7c90097ed212\1038\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1038\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	5.16 KB
MD5	25c84faf0f1e93aef363bb21aa6c711c
SHA1	7f3fd41ddafed2f81e606aa2f6d7e7b042d34c2e
SHA256	e68469314ae33d2f62f41231b1f0dd5521389e3e3b6eda0b459d54459a5b91db
SSDeep	96:izkJ4TK7P5aVGcMAYBA3Nudu1XEoOnikAIPt2UF0KWN4A5vKDWvxgDr:n6TK7PUVGcMAEUUoOiAYVKWNASxgDr
ImpHash	None

C:\588bce7c90097ed212\1040\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1040\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	4.57 KB
MD5	8d540c4c1414268cecd9d47102311138
SHA1	e917c907da9c045639d8075c22fa174e369a9be4
SHA256	9eed4ff3965cca6b4542ba468ec10ea3fc8594a4217a0f958446b75f77ccd446
SSDeep	96:izkJ4TKctdkNXuRmboLfQ+diycMsT4tRdYFcLjdDiPYIUaqi5TK0y4P52Zag/cgn:n6TKcLgGtkpMfN2PYIBqKBy44Zd/9HH
ImpHash	None

C:\588bce7c90097ed212\1041\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1041\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	10.90 KB
MD5	9117a882b77a2e8cf019015cb100d8bf
SHA1	8fcacfe762c363e27a309f62061dcf079aa2690f
SHA256	9c8df1ec60edd9736c050abf438e11e3b936ffd035c4cc5ba169e9c440ba9a14
SSDeep	192:n6TK8/3iWfW0nNPOtZre9B/cbgptrot+UVddjT2K2ZDQoVptjJ/6aVBuqzBC1cmZ:KPVWMCre9hcbgptrotXUqoVDZ6Iuq/mZ
ImpHash	None

C:\588bce7c90097ed212\1042\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1042\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	13.40 KB
MD5	418fd14d6de803c66772229a6bca7920
SHA1	6622eab68e587d9e5355e4fe0444c4953b827f4f
SHA256	0e6d389dfdfe896dddbdf8d4a7b7164e4b6224104264222960da9915d2a0e91c
SSDeep	384:cwweDvAMEm1lqKcLRubXqjeqIxLx3qfIQVyI4fhu:S0A/2qLAqKP/qTVyIMhu
ImpHash	None

C:\588bce7c90097ed212\1043\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1043\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	4.48 KB
MD5	fc510da2c6d46f3dd81b21df5561bfbe
SHA1	91c65caee2cb7a30d3160ccba8161c4dcc6fffab
SHA256	c332afb0f3feedda1d6648c27fffadf468f5d7470e18ac675c45838887634efb
SSDeep	96:izkJ4TK+aNv9V55W1gHUN9ybqNiZ0kEgqzSBwVGQbY9gE8B:n6TK+C9I18CXTiei9gj
ImpHash	None

C:\588bce7c90097ed212\1044\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1044\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	3.99 KB
MD5	e9c3b5994e42e3ecd58aa0a4ae5a8b8e
SHA1	939e55c92354ad85f668a3ae0f007f274bbd1078
SHA256	bf88d32fe9f4fbe7d27fc2da47f97c5c5c44286f13aebfac771903899b863da8
SSDeep	96:izkJ4TK+VVrgPurMlNIzS59ZSi7KhCM1VMKgKjEtVRX:n6TKi9rMl/5cVJE1
ImpHash	None

C:\588bce7c90097ed212\1046\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1046\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	4.62 KB
MD5	e353b97260b6686632d8321edc4a0b86
SHA1	dd17081a73394075df7b8d26e6e04ef5f03bf2d7
SHA256	d9e284327837417d53fd986e25e49b71afc06ad95cc364287b610f57e75a9516
SSDeep	96:izkJ4TK7rgRuJyeJd6+5nKiVHKVx5+z0DpG5zpzplA3AG0A5dYoFkLIG1aymG:n6TKYw0eT5nK5+ziEp1JG0o6ZLI1G
ImpHash	None

C:\588bce7c90097ed212\1049\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1049\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	54.20 KB
MD5	927687497d999ab8f3fd32921f3b07c6
SHA1	19195f0974415ea709c3482439af9fda7ccfc191
SHA256	fce18b109d9e7727382ec51fd9470c662b9e519b73b80c7bbd33e5ad7841cb7a
SSDeep	1536:svUA8T6nw0U9KNJVUR4WaQQfysK24oLV15DBeQcI:sL8hv9xKPQksNyDBL
ImpHash	None

C:\588bce7c90097ed212\1053\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1053\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	4.79 KB
MD5	afd0e357a43352ab37af1ed505f61775
SHA1	29e19a16a904a301bded359e09b3a8e9ea25835a
SHA256	c1b579669d7a8ad95882e681d52b8410e214da8d7fe23f285622afc232d26877
SSDeep	96:izkJ4TKgbopDGu9XHsUxpOfuHRnEbEeMZCjHv1BQA07rszCrqS1UknSh+Cm:n6TKpDLVcoEbdMZCDrAgzCGS1e+D
ImpHash	None

C:\588bce7c90097ed212\1055\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\1055\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	4.79 KB
MD5	d25410b94678dd1965e77b41e75143b3
SHA1	91051e296fdb8d8250d9b12212c48d40678bfb6f
SHA256	fd5373a7df19a4518ccb81004c6df07818ca9a3a4a0615ca5a994bdbd9fd0593
SSDeep	96:izkJ4TKsT5JN0DFwAmQWtiIFQO4LQ66EvKYFb8DwStUw1qT9YD6z0WdFl0NfdPGp:n6TKsT5Lut7eN4LV6EvG+wMRzVjvzZ+y
ImpHash	None

C:\588bce7c90097ed212\2052\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\2052\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	6.71 KB
MD5	a32383fe23bc4732e71f68abb53de8de
SHA1	2872810b04c293ae268de2f5e41a938ca9d6a885
SHA256	e11f28b79516b4a23ddebc22e7eb3749cb40e503190ec47bcf2fdf75da8a9849
SSDeep	96:izkJ4TK3OtBILCw63uokkNFPgZPz6QQOsPR970EM5CQpNiv6wnpKUDkb3EVurZuo:n6TK3OtwXkN0Pz6P564vTBDKMWhz7b
ImpHash	None

C:\588bce7c90097ed212\2070\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\2070\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	4.93 KB
MD5	f8f519b20e3798a6c61c61cdafc12c76
SHA1	0ce8e331f33d2ee1de51e4edcac8b322540f3ff9
SHA256	464318bdf6af523ba384f3fa4f06464ce59d43a69c195cb7588361d8aa759ed8
SSDeep	96:izkJ4TKNm0OwUHhe7pMBslsZJBvtw6l2FgpVWjPt0hRIubQYSlF:n6TKoXApMBaaJB1w1g6jPtkR77SlF
ImpHash	None

C:\588bce7c90097ed212\3076\eula.rtf

Modified File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\3076\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	7.18 KB
MD5	334df00d6c5210dfc3db0728e1c3de8f
SHA1	198a19e4dc3c586261fcba4c78be158220b65c22
SHA256	b3863d973ce1ca13039a2f2f85e2855b793994b2aa3b3b74877ecc4b54898457
SSDeep	192:n6TKeDqFV4q7U1HDT5dt0f7+EQsPYHLZJ8+A3Qu:/zgt0faEQsAHLoD
ImpHash	None

C:\588bce7c90097ed212\3082\eula.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\588bce7c90097ed212\3082\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	4.01 KB
MD5	8b8fb1af6243e37c8f79daa773609e8f
SHA1	2e0c3870ee9dd4829670a7ceffbf5ca8c9af6b28
SHA256	3d62bf545b77c810021299d0d9fa592a0c62d9979cb3b0c95379e87527383b78
SSDeep	96:izkJ4TKqTEu8t9kiLNRloFt637WCmNDjjWa9CzNwgwX35:n6TKg8kSYt63SCKDv81G5
ImpHash	None

C:\Users\FD1HVy\Desktop\4Roonv SsFXe.png

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Desktop\4Roonv SsFXe.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	79.35 KB
MD5	765d9d761e52258a7fa84bf23748da06
SHA1	197303b7ceffebc0cf97541923b712503b7cf3c8
SHA256	9c8d795d2f695ba7e8ff3a9d96a703ac92e3879e2de9168378f8ba5764331e88
SSDeep	1536:Zn+LemE2PwHA4OcB9GHK2dCdfhartvF/Lj9QwOrSIUo2LtW01eMz1q:Jn2PwHA4efCTMFTORUztW01F1q
ImpHash	None

C:\Users\FD1HVy\Desktop\ePbOSxzSTHJyUX0qqV.png.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Desktop\ePbOSxzSTHJyUX0qqV.png (Modified File)
Mime Type	application/octet-stream
File Size	30.32 KB
MD5	ea46eb425fbf0ff5477f533d420c03f9
SHA1	497c48d1015a1c28ba5d9a7d97b056d15549931d
SHA256	d5de81a158abc8e8d933691dbeb6a5c6cf393d386682661b887a6231fd588a57
SSDeep	768:nsM1ZfO040oST9P1CsoIW5jMVdbZz1Na/KymJqPs9Nxz:nsM7fkxST9N7yM3bZTaRUqE/V
ImpHash	None

C:\Users\FD1HVy\Desktop\cBIDHqgfiodnGq1SAsX.jpg.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Desktop\cBIDHqgfiodnGq1SAsX.jpg (Modified File)
Mime Type	application/octet-stream
File Size	41.52 KB
MD5	91c4ec8918db176feb4f518e7097f4a0
SHA1	47a39ced69d222251cf4bdce3ab16904253be219
SHA256	cab93cd33504314b5b9312373d96c33fde9cd977fd7be1a62e9bcc639761f449
SSDeep	768:nl5Wzv/D6denv1wuLod8+/GBBMjrIoMz06DOH0Ywcaxu7BzCgITyGA0Lwj:l5WDOdC1D89OvMjsw0bcdzCPANj
ImpHash	None

C:\Users\FD1HVy\Desktop\HXcn.mp3.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Desktop\HXcn.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	88.41 KB
MD5	6848170202892bb610ca7a571526269d
SHA1	4858b04390b62a4c7e4fb7f8a35de8510b05f73b
SHA256	412ec4509502a3ce086e0c8cc76b2b7f2460493af214913c81d04763a5dc8029
SSDeep	1536:WKCwToXJ3haNVOaS0wZkh2eJocRzU+eL7Lsx3Ec1j3b73Tydx7Bt4lxsHq9pY+T:WKno53hKOi0eJocRQNL3sx3RjLjQPHqT
ImpHash	None

C:\Users\FD1HVy\Desktop\ITbKB5.bmp.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Desktop\ITbKB5.bmp (Modified File)
Mime Type	application/octet-stream
File Size	56.57 KB
MD5	4cf351f0a20d84233c6aeb487124dbf7
SHA1	91bad6ea84540f9b97b7d15cddbe3482ca256e38
SHA256	b17271a50dce3f0f4e02c5dc522a647cf4c8b9a7849fc0890086f5bada21e94c
SSDeep	1536:O5BJg0zvW4UHe9IBJvpNKxWBBceA8q2wyxUqNCrH7A:O5BBz+Vt/SMBceAHigH7A
ImpHash	None

C:\Users\FD1HVy\Desktop\RMph9vbE2uqaXD2g.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Desktop\RMph9vbE2uqaXD2g.jpg.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	57.71 KB
MD5	5c51e83351a2b6f6658226a5ff754851
SHA1	62998e50998107bdf28fa922da247fae20e58942
SHA256	236fbd15e95102a76c24db7e54a496a54be8afd39fbbe78a35e6c06a4c025f22
SSDeep	1536:vmnRwT2vdk9Fm/eD+yBkM5g4/eiL+o/iKPoJPB0E:vYRwSve+yBkMy4/PqKW0E
ImpHash	None

C:\Users\FD1HVy\Desktop\z4G9GONSasoREb.png

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	64.24 KB
MD5	fae1ac134a460c8df2613502c444c78a
SHA1	02fc724cb9a40ad1e4a369fff021aee00fe89eef
SHA256	3ab579e6788bbb79f2e7613a7117a5a4b5bdcd09a0ce3b1c678b736f8a7f7dd8
SSDeep	1536:uWgDA+54YQzYa3mI0ujAP2qS9uHpjtel9zerDSagw9HwvPg6OD/gxRNW:uR8g3aWI0UA9S0ZM9zerDSq9uPBq47E
ImpHash	None

C:\Users\FD1HVy\Pictures\bnbWqs26Qk0F.gif.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\bnbWqs26Qk0F.gif (Modified File)
Mime Type	application/octet-stream
File Size	34.84 KB
MD5	e51fb91d03328c20047d0181285cd068
SHA1	9e1eb495a72e4247ccc462a57c05cea9b9bac2fe
SHA256	282a31efb0d6a45c3ee9c87b210d81f38ef91dbb28880574d8b9dcc049a9d128
SSDeep	768:SJaYF+Ii1KKjyO1diX/lqFQmvnbW+k5z5Bn9ypHhltZg1v/63P:ca1aCipCnbW+Gj9sDbgY3P
ImpHash	None

C:\Users\FD1HVy\Pictures\dppH4uxw OfpdPpRxrh7.gif.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\dppH4uxw OfpdPpRxrh7.gif (Modified File)
Mime Type	application/octet-stream
File Size	19.93 KB
MD5	c7d4a49bc30eee1057d14ad903a2f2a8
SHA1	7e01f5a179897ed17e72e1ecb2d316cc31849595
SHA256	ceeabc37e8822b2af8702d68fc83c364e3024d4ec8e57607d5dc5226d5dc79bb
SSDeep	384:iUUlp4/9MgCFnREHWLjb7S43XxPQNc0uDINQAG3dOwBW6vEZ:iU3qnFL53hPQNc0g3o0W6vU
ImpHash	None

C:\Users\FD1HVy\Pictures\CC-FXFK0L3rN9Y.jpg.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\CC-FXFK0L3rN9Y.jpg (Modified File)
Mime Type	application/octet-stream
File Size	66.02 KB
MD5	701413f3a74be78ba247d75d34824678
SHA1	a22606ac5c7f37e13176768868ca447cfd70223d
SHA256	2b7dc9a3b09f870e8e55fa5ea9f22cfc1ad7b19ac38ddc8de03542d77bbe225c
SSDeep	1536:6KCnYD55S7COfuHXBR2whgg3Y71J0QS1ZRAQmxVJ:qluHxrd3obNeGQmp
ImpHash	None

C:\Users\FD1HVy\Pictures\dwx420Mg7XFbkOQ.jpg.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\dwx420Mg7XFbkOQ.jpg (Modified File)
Mime Type	application/octet-stream
File Size	20.87 KB
MD5	0b9a1e7b16b8a45ba6591783395d7dc5
SHA1	f508d8d4bc2917617f9c216718dd44031b5dd28f
SHA256	26ac427759eb596cf95bd5df84bf9d0d22b776dd7c272c84e707bb1e13131ea9
SSDeep	384:8FLfq90gyRJUEo9vXvMJjV8EvkV1q69wSIiSOULZ51dJQiZL5K1ZG:yA+Pdo1MJZqVI1iSOYz3AG
ImpHash	None

C:\Users\FD1HVy\Pictures\EST4et454LcvPX.png

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\EST4et454LcvPX.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	91.55 KB
MD5	74547d6562d3156fa409bdb665d776af
SHA1	9b4ee1ecf36e6ed6982f3e400c1814b8471ae67d
SHA256	00a69487e9b15601804176499d4c3a7ba5260d56f185aa64df40da710b3d2f0b
SSDeep	1536:409KZJoipSsfb+qxBsiDRqnoWQve4lOr2Lsdgsp2Goy3+E5hyBg675FQ3UNi34wo:LsJPpSsfb+q7zRqnoWQveF/gG2y+kh6F
ImpHash	None

C:\Users\FD1HVy\Pictures\FBfq3ydtewWmHX.bmp.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\FBfq3ydtewWmHX.bmp (Modified File)
Mime Type	application/octet-stream
File Size	32.91 KB
MD5	f7e70baa15ddc436aacf98c2bd6d4798
SHA1	74835214826c1ae3c67bfde101062d55a8e195ff
SHA256	29a26186c685cead70f7aaf5b178be0ac2abf9148d20ddd40f60e00dfff6edb0
SSDeep	768:XBiQaVw0UgJZuP4rsWuRXYu5a0m7v5PLTRDuoGj7DTnhMnREwE:MQI1bJZKXYumvZLT9elZwE
ImpHash	None

C:\Users\FD1HVy\Pictures\Feh2GG.png.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\Feh2GG.png (Modified File)
Mime Type	application/octet-stream
File Size	48.26 KB
MD5	456bcf05fe1c203ba37e812fb7727b80
SHA1	738427d5223148a3898b7d64025cb4b7eea2f711
SHA256	877f1a157ba1627497f5bc319cb761891cad39cba9409327fb3b0da8c9ac3db4
SSDeep	768:LQ4NQ8YAS4EGupYht7VKLWCt44rSQsDZM6ZbvbsLXuIESQcfOL5W:k4bSfYVFw4ofUZM+vbsLXuGoW
ImpHash	None

C:\Users\FD1HVy\Pictures\fyHiiV.jpg.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\fyHiiV.jpg (Modified File)
Mime Type	application/octet-stream
File Size	94.43 KB
MD5	72151e6fa1db98ed808caf1c043a7ea2
SHA1	5e88e131b3c22ef9a32be3bebe472fbe12969ebe
SHA256	c912ed01bade1e469040a7c93825b4b4c795510f5d3f3fe02afa95eeabf29bcf
SSDeep	1536:WmpRV8rDLZKINSriDHnLK+7B/3kMZ1M14VGyeJLqeMyPDwYRWUX8TsW6SW9J7QZC:WYR4dNSeLLK+93kOU4VGBfMGDwQWY8QP
ImpHash	None

C:\Users\FD1HVy\Pictures\HD6AR.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\HD6AR.bmp.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	25.15 KB
MD5	7f743494a2238e7082931faa64b951f8
SHA1	34ab81ee568f269695539169c9256e124d56955f
SHA256	c546051eb3eee68ca889f6cd575f9554312b99591e9fc244b7024b6795d4d9ae
SSDeep	768:SeT0tm/1kjmDOTl5uJc03QGmp6T8mMMO4:Seotm9qGJc0fmp6TDR
ImpHash	None

C:\Users\FD1HVy\Pictures\Ijhpb-yxk57ZtDG.png

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\Ijhpb-yxk57ZtDG.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	5.18 KB
MD5	5959d3375d35dd1c1a7395d77eeaa7a1
SHA1	0f746e82c53c7a6c99a062ec19ac0ebae270f2ae
SHA256	21bce3df5f9cbaac5eab832d64567eb9aafe73a6de81e407aef968b5a319990a
SSDeep	96:izkJ4TKdn2W+/7N4ewyXcCYtT5Ka9nTwuO035YaZBQcJrIbFn4Lrbug:n6TKd2WkCew4c7T9T3BfQ94LV
ImpHash	None

C:\Users\FD1HVy\Pictures\IkBcoKqD-cgz2z3qAPwB.png.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\IkBcoKqD-cgz2z3qAPwB.png (Modified File)
Mime Type	application/octet-stream
File Size	78.68 KB
MD5	9224b62b116e3df42c048011be213d22
SHA1	9d1604a47ca60a23cfba3e3c89cbabe4bfd8571e
SHA256	daccca7a7850257af16e13f8099a878ebc2d2a3b2db371aa20bbfcf7af694697
SSDeep	1536:s0xP/KFJ9zC5wvBYSr1fnlnosfjrXUeqnxH25wAZMorOKPTRg+Ab:TcFbzC5wvBVpfnlnos7reBgvZM0Vs
ImpHash	None

C:\Users\FD1HVy\Pictures\Ivkm4tvy4sFu.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\Ivkm4tvy4sFu.bmp.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	73.79 KB
MD5	f2cc788df89234a1b8e86f71ac31852a
SHA1	926fa32a98dd8bd9dc5c92e426143421d8cc7a07
SHA256	c872db785122010789676509e3aa356e66036dfa8418ffb47d6162ade870b211
SSDeep	1536:K7xZXgJYJFf0gQJASsOL4ZfEErpoDJH71+MZ2dzVUsiAkDi5vVHuiIaedb:KnZFZJrEkuVb13Mzb8G5v4iIxdb
ImpHash	None

C:\Users\FD1HVy\Pictures\jC4MVa.gif

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\jC4MVa.gif.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	30.26 KB
MD5	c6cd0de851220f2ab040fbccf8bd77b7
SHA1	c85aeb8ca06fe6133ef88daa8bad6a5fe17b9098
SHA256	9309c2508e872e4d6fde82b8a89789db1d24d082084b9761be0970a99f1f08ff
SSDeep	768:Ozb8/d5H1BZCaCr99hFQw2jQbAloyJmSYCX+aBMCQq9n7ESa:0wbH1BZCvr9VHuQSYIOCQq9I9
ImpHash	None

C:\Users\FD1HVy\Pictures\K-tmfo2hcETiCrFW.png

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\K-tmfo2hcETiCrFW.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	21.26 KB
MD5	6565a8c0e73d516be32d02d1c43aee79
SHA1	ca67bbda5572b39144fdf740de3bc72374358057
SHA256	772b479dc87180bb0e489cd3fc90cb4c86a041321056d35a933f285f97f9a66e
SSDeep	384:QEwhZ04Soht9RyXG5IQ4FGxnKxJrixFtlHJsQWSATlnq67qUYJI2TM6mwwAIG8r:QEn4Ht9YGkLxFinHJSTs67MJI2IvzAIP
ImpHash	None

C:\Users\FD1HVy\Pictures\NgNuSU3Yq6AfH0H4XIPf.bmp.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\NgNuSU3Yq6AfH0H4XIPf.bmp (Modified File)
Mime Type	application/octet-stream
File Size	55.15 KB
MD5	fb1cd2b08bf12e6e31fde1d3f44afe63
SHA1	a7aef121e7b7a3bcdd5394b339f42002cee95f7e
SHA256	e530e2f19817af24be1a3fa6c2bf708d21f13b1ead96676238a6fd4bfec5ec5e
SSDeep	1536:Ntn8GLwNu19dK7NC3RE7dWDAfHuDPp2UYdkY5tE:jn1cNu1j4Uhwg0fxUY6Yw
ImpHash	None

C:\Users\FD1HVy\Pictures\NiG U3Sr.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\NiG U3Sr.bmp.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	53.76 KB
MD5	ef15c6fb926b7ba8a8bbd651dca555c4
SHA1	5897f31fc9f008b34e5c7a3264d8c91671f286d0
SHA256	90af7db65fecbf03e457862ab6a741eac333de81272d461773ac1832e62d0935
SSDeep	768:OLU5U3ZGNIWQI/WMfrWgANRTalpUjdIIXYWwhNqlLQhMz71EF24dUfL6s5LUqh:OyfNEItrINZakdIIXsm5QhhJCL6AUqh
ImpHash	None

C:\Users\FD1HVy\Pictures\oHqt9tGmh3Mf5r1D.gif

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\oHqt9tGmh3Mf5r1D.gif.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	97.12 KB
MD5	c3da04a1461d7a31173fd9e984e280fa
SHA1	2c9934eff16f66a4787b2c019c17cf56914c056f
SHA256	4de11c29a482540348ea2e54f185e5487c41bfe9f74a634cfa84d6a039bcc2f6
SSDeep	1536:ju+PumernOyQpiYoxewl4A9wFZszFAo97GBJj2p1ohDkzm9q6zRQX8kfgKdo:CKuNnAQiBFZszFT7GBJPmm9q6qX8QO
ImpHash	None

C:\Users\FD1HVy\Pictures\To1vWD99VRx5GIA.gif.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\To1vWD99VRx5GIA.gif (Modified File)
Mime Type	application/octet-stream
File Size	68.04 KB
MD5	875f66e73e73da25866eecf48f8a2dc4
SHA1	fa075ab593bcef1092d1ae17576af2ace4df7daa
SHA256	2641b8d37cf3702d189a182b4b8619c98300ca47a6b295680f051949dbb439c1
SSDeep	1536:jRv49SNZvzBF4i63XFt8PMXsh1Fyb81VS1gdnT+jWFec8EUvmd:tv4ENZvFFDAXIUI1FtnS1gdFFelyd
ImpHash	None

C:\Users\FD1HVy\Pictures\s6I6DHDeLGZoatSBdQv.gif

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\s6I6DHDeLGZoatSBdQv.gif.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	28.80 KB
MD5	7f7cb8e10c38392a395c61facbcccd52
SHA1	c7994de1179e3d836241bdb4dbdad7c439b25a12
SHA256	038c35368131f2104cd742a5a9ced0642553bdb258722985cc1f3f9878c94dad
SSDeep	768:P06B9PwqWkyhXt/YxclVa0+BPDMv5mH/mKvhr59V9ANzr1yI0Dw:5wqTWlVa1Lu5Q/f543sDw
ImpHash	None

C:\Users\FD1HVy\Pictures\UGQ-pZan-bQZAuaB9Q65.bmp.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\UGQ-pZan-bQZAuaB9Q65.bmp (Modified File)
Mime Type	application/octet-stream
File Size	80.57 KB
MD5	d16340a19615686e9200c59a170a8278
SHA1	8234e67ef5efafb623f7b7666866ba2a79f73376
SHA256	f289f881e15a57ff880201caf95a29f5ae579e713f8bcffb148a6643e956d7b6
SSDeep	1536:aW6MUn3vOaIrOxRjyEpPD6j5+sfHlENsm7Z5jIt/aASxkfpWcAbT5zf:aWxA3vOaIrMRjJw5Q5wSDbvp
ImpHash	None

C:\Users\FD1HVy\Pictures\W_mVNsdHRo1.gif.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\W_mVNsdHRo1.gif (Modified File)
Mime Type	application/octet-stream
File Size	58.73 KB
MD5	b6acc147eefa9074755d61e0c679036b
SHA1	481a216e4f3ba8aaa8e8ea43867b7b96eef10f73
SHA256	c95275e774cb1199a89cc3c560143acce59c4af9b959552102a3f072a1f799c7
SSDeep	768:bHA3+bBNQ/zZfhSpjrKBHdYwKrvlZ5l6z4csP8XOZHpdFfeucJ0m5/jaalBL+:bg3+8z6jraTKLn5l6zeZZHpd9euct5N2
ImpHash	None

C:\Users\FD1HVy\Pictures\Z3FmP-Zr wRhv.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\Z3FmP-Zr wRhv.bmp.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	94.04 KB
MD5	e725f75fb468bebe8d4226b3fbbf337b
SHA1	bb68c2f5ce6d188ed74ea229205d14b68a1e86d3
SHA256	aeb66181128adc63c0f32d6416726fb497589ad0ee15c1b6823aaf372a68a8a4
SSDeep	1536:/Rul7JidCbZ69ZiUQucPJImQ20xlkjRcToBPM2sPjh9yIsN++6PsuIO828IZFZBO:/Al7sd6AiUQtG20xCjSF2s7nyIXbIvzr
ImpHash	None

C:\Users\FD1HVy\Pictures\_o2EFSOV0-j.png

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\_o2EFSOV0-j.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	52.05 KB
MD5	d806b224a3ec91340ad69c79d239cf7b
SHA1	958a5ecba817f8df3a8ba3ec63b40fbf7c832e27
SHA256	fde364694ade48f80fb9b974b81b0bfc36ef32a9a4f81c49246d4bc79b4a1e2f
SSDeep	1536:z72dJgZNmlhvAXSt0bosCx/0Z6nDIuqz+0vfouw:zo+EwNbjC90ZSDIpvw
ImpHash	None

C:\Users\FD1HVy\Pictures\_Oxq37.gif

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Pictures\_Oxq37.gif.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	43.38 KB
MD5	eeac2de84232e1a7339e83a7bf48fe2e
SHA1	6d099333bdb630ba88e7ce7d3371653db15ef198
SHA256	f0f5ebd6fd9e8b3b36d116e0f43d14ee74e64f608193e5b64d8eaddfd83bc5d0
SSDeep	768:6nQuMGYOvz5VX6YOHgnlaanq8w1NKxulmjWZ0YQZ8Sm9y9h/rDajiSWbBRux:6nQuMUvVOHKGNKklGWtHfy9So8x
ImpHash	None

C:\Users\All Users\Microsoft\User Account Pictures\Default User.dat.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Microsoft\User Account Pictures\Default User.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	589.21 KB
MD5	04f968c971007eabfa71cba829ff769e
SHA1	9da6e43fc2475c8e20eacc1109bb60b1190786f4
SHA256	9192b0656e86ae420349866d46b1c12937d13e1174b4eb4458062c410cbac3be
SSDeep	12288:7kLINK59CkhaZmMMlaD4SvsFuluhZfkpONqLKsGvzf3Tst72Yc3Jy:7kLIN6faZPea8SmulKZfkpO8esMQi3Jy
ImpHash	None

C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Microsoft\User Account Pictures\guest.bmp.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	589.07 KB
MD5	9c5c32691e4240777e39b059bea71764
SHA1	674d085be1ce8c985bee467a3f648c541b92922e
SHA256	c289434fbc5db3ada42cfa37d77f0f4ae02b770bc487e5fe4aa9ecc8a5de2d19
SSDeep	12288:Pmw1/rKE7Kxil/CzWs3teWWUnls4vzwUlcD1uLaFBm5ISIyelW9tSMRi:Pmw1TKETaa4tXWUXLdla1XaIPqi
ImpHash	None

C:\Users\All Users\Microsoft\User Account Pictures\user-192.png.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Microsoft\User Account Pictures\user-192.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	3.37 KB
MD5	52214bc172ac1fd73d883a7025f578b5
SHA1	b68d1abfda7c1d36d7f7ac885fd41df09c35a0e3
SHA256	f1ba9ad154c1744f3f1a4226099294f3affb3f1c81db962b14231b9dd9e42ea3
SSDeep	96:izkJ4TKY/wYPtwVKkAbaWrKH+LuMpc06EFxfcze:n6TKSwYFwAkaZx6EFxfcze
ImpHash	None

C:\Users\All Users\Microsoft\User Account Pictures\user-32.png.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	c:\programdata\microsoft\user account pictures\user-32.png (Modified File)
Mime Type	application/octet-stream
File Size	1.41 KB
MD5	0240ed9e69c45dcc5247c627a395e9c4
SHA1	3f85ace048406809a85bbec72cdb51cf86a3f7f9
SHA256	90aca93c24136d9a2359537e80956dfbbd3db9daade1ecd97b57e977b0cc5255
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoQIinhMp9uikJOxHexF2f5rgqg6sG8Z2tG7:i64YzyGwg8eghG0KoQIIhwzxHOF2f5PG
ImpHash	None

C:\Users\All Users\Microsoft\User Account Pictures\user-48.png.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Microsoft\User Account Pictures\user-48.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.51 KB
MD5	b3b4b574d7baa5ce77ac81e99bbaf4fb
SHA1	ef9e87812127cf3265db0a86f8aed7c65fa54909
SHA256	bffc66e9a82cbf6c05493503ab23d850aa199aaf1e5e001fac4b606d5fa5c99a
SSDeep	48:i64YzyGwg8eghG0KobPYPVBbl2OBLKKzX/3ct:izkJ4TKmPuBRbLKKb/Mt
ImpHash	None

C:\Users\All Users\Microsoft\User Account Pictures\user-40.png.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	c:\programdata\microsoft\user account pictures\user-40.png (Modified File)
Mime Type	application/octet-stream
File Size	1.45 KB
MD5	1a0a06890781a0de239e3fe39c1a6fa2
SHA1	e282a1cc2f4a2a35c54edf49866dc8f0f4cfadad
SHA256	eb562468cae54fcb18aeba91a139fb31219ba2ecbe401187d036c3f01003a29d
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoJncC+f1aB0s7OWEVQ0j9AFB2tmFIvVGkjW:i64YzyGwg8eghG0KoJncC+f147OlQ4OX
ImpHash	None

C:\Users\All Users\Microsoft\User Account Pictures\user.bmp.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	c:\programdata\microsoft\user account pictures\user.bmp (Modified File)
Mime Type	application/octet-stream
File Size	589.07 KB
MD5	7fad0784f7ed37a5fda19359cd72f9fe
SHA1	0bddd6444fc1a740bf851f072c61453519e44cd5
SHA256	94a912dd513b18cc80c86e65e9b1d0d3f247e3f772903a51654aafbd40e4f329
SSDeep	12288:PM4xJIm8tu2MijxboCi4RIQ5h18MRs+q81IlhDhtVjNeb8eE:Ew788CxEC3R35huMm+iln3jNeQh
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\LX0vrheR G7p.bmp.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\LX0vrheR G7p.bmp (Modified File)
Mime Type	application/octet-stream
File Size	82.96 KB
MD5	9484fee41f7012aacc5c1d631e12ee1a
SHA1	daf2a41ba5b61ecfe0a0edb3133f35fe7e60e728
SHA256	ca3933c0ace19a8deb666a8662f2e1cd973770559c10d0d816a44183e93d9874
SSDeep	1536:oykRcf/i4OEscRb1znIpydzE3RzvvDFp/vNA5U8xVoaIVEtIXZ7dv6lLMa2Fh3Z1:oVR8/VsCbpQSzm7rm5hxW3EqXZF6l4aQ
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\oGsREvSogacQ7wIabF.png.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\oGsREvSogacQ7wIabF.png (Modified File)
Mime Type	application/octet-stream
File Size	44.07 KB
MD5	ef9c46e82a73b19794273d8b3848083c
SHA1	5489b86280ec931c7498238870a612638ed43395
SHA256	e2ef49e43cdd06ab702ff35c3071784af32baadff61becd05d878bff77f3d3a0
SSDeep	768:bf0kTioG6VpOpZOzG2xZy5CbCFv3ieJxBrDxbawZMji98yj1J2mLO15bFLKtdVDB:bfEoG7pZOS2V8imDDxbniiGy3PSJLKtp
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\qlC2f-Unra48sU4.pdf

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\qlC2f-Unra48sU4.pdf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	18.38 KB
MD5	362ea31701c33d4621bb6df9289a5e4e
SHA1	689a4cfddc75e4643bffd0b262e25e28e0d51423
SHA256	2d84b1ec640f0717c6bc804e89274c2997787f1e6ba76b7a8c8c0721604a4fd8
SSDeep	384:hEF0Se2kUs5MlQW94U34bRDHUC+MZoUzZdZeofarARKeZ:hE+p/5MlQE4U3IeC+MZo8QoCrARF
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\SDnAPvzROybdYcf2G.gif

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\SDnAPvzROybdYcf2G.gif.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	81.27 KB
MD5	bec6c499ca709365b2b85c7f259d8a93
SHA1	ad5eafc16ad5ec0aa8e0d78e1d2170420a825f22
SHA256	4a8c00a3b96b24cc12453b4110f75d5676382a2485a0ad93153e997d9c06fa49
SSDeep	1536:KTSv/1eleeY5fnPYlnrse8lBmLk2E5I95aB/nfrzyesvrL:KT3lee6MnraOk21LaFfQvrL
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\xeFe96nNaR.jpg

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\xeFe96nNaR.jpg.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	61.68 KB
MD5	3bf1181ece5fc8ae24ee251fc2f71b97
SHA1	482e21a89e24121c0efd5675141a8f9e5e7c241d
SHA256	a875a826213ef7fff6e7af3735c9b711e8ee6c6a5d8859714e69964f21971833
SSDeep	1536:xXTluE7frllUG2KlFr6/E7rtv/5bLDyMizx8SIjA:xXzllhzX7rbHyTzx8y
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\ZpDD.gif

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	17.91 KB
MD5	a45972597812fad79c4307e31f99bf30
SHA1	780d1f80f7ce4411dcbb709c341327dd3c6e3892
SHA256	fac7c90bb1d92b8b2d3f43f6d2ccf09a3c69fe33befa39c8055d3ac0568df675
SSDeep	384:fjw9BFeiOSIu2KH530fhvy9X8GvWxuCZgdDOUQlEXo2EebwursgWSe3acq3kPCFa:fjSreUTH53wly9X8cWxuAADO7lAo2JBs
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\_fL4P.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\_fL4P.mp3.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	72.87 KB
MD5	592f5acfcf5703c007efd01f73fff78d
SHA1	cc3f178961f9e0b3d473ad426c915af8f7573eb5
SHA256	bc126406e68aedffc3340d81bb4fd4c6e170c9e41a3d953efdfdb2ea2906248e
SSDeep	1536:Hqgn9SAPjKFj0lJW++S0TTb+bxugo4NYEAwHg/yYL:D9dPON0vW++5+bfN4wHgqYL
ImpHash	None

C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\xGFVr-3BalAgx kDk.csv

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\xGFVr-3BalAgx kDk.csv.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	43.34 KB
MD5	94d0225dc27b6d047cde151fa7e6d883
SHA1	99c9300f55a31185319f845623fc49d3b26d4384
SHA256	d1eda7e7af086bb5529c1d118220ba8d31bd6b2e7cfca6b9ae65fd74ced92b80
SSDeep	768:ecMBvlod3QXzpAqv1WBZ9hsXx7++KCfPhG5NJW4xSko/dKpvb:ePxlotkz5AJhyuoYrSko4Jb
ImpHash	None

C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\2SYtvhGUclZ-C7VK3_b.pdf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\2SYtvhGUclZ-C7VK3_b.pdf (Modified File)
Mime Type	application/octet-stream
File Size	48.07 KB
MD5	0d47c60e73114f990551dad7cee9e629
SHA1	0539aa3a4ac62fc444e28696c9de7c28b831c4a7
SHA256	569d753363cdc9ef71f63ec7ddf9e2b42dc0c1e70c228cd8caf0e95886f32c8a
SSDeep	1536:c6mZNOhRiy+PHgb41KqlcGTBqZxfMKveXSON:f8ARiyogbkKLGTBAxEKW1
ImpHash	None

C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\6ngbD.pdf

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\6ngbD.pdf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	47.71 KB
MD5	65e7272ed152f7d9496e30572329ee86
SHA1	c89c93c5f9304813e1666b5cad0cedf9c464bf39
SHA256	ca1dd07a7db66e2cf54148f63df62f6214abe7e9340d0aa33e45e5c94ddd84fd
SSDeep	768:0/9w8RBFQe/iwL9M1JXSWwcyHybz2pdWHqxHzMoMbD0SprqfODimf4RsLy9Vw1Rz:0v3FQU0gIyHybITMokproORQKG0QpgnB
ImpHash	None

C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\cDuvna.xls.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\cDuvna.xls (Modified File)
Mime Type	application/octet-stream
File Size	76.77 KB
MD5	df28cea7a65c1564d9699ed90a00e88d
SHA1	11ea09638589e0e020e76fad257f4ba33d197eb2
SHA256	1740a5fc0b9c779c9e0dadd309b3e4d7e50c45ff8011bd883503e3a32161deac
SSDeep	1536:AW0GxRuP1VE+uv+FalN3SAxU8crKh+sFf9bTc2hCGT5Y:AeR6ZMlsAHX+sFVoGT5Y
ImpHash	None

C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\BErWOr6y.xls

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\BErWOr6y.xls.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	68.79 KB
MD5	9606320377bb533b6eb62f37b79d75d2
SHA1	3188d6cbdc19cfee69a9c1a2e2385fa713eeda04
SHA256	92ffa2c6adad86a00bebd53b2df8b75774ffcb9f3892d22c8213ce60966eaf83
SSDeep	1536:1ELgwgDiPBGyXdAoAyb/aPQkm5uRoSl21e81s5TOzTb1T+e22:08KdrBsQ1JS4J2TkT7
ImpHash	None

C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\YPhhY0T1sptyYYaRQQVm.doc.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\YPhhY0T1sptyYYaRQQVm.doc (Modified File)
Mime Type	application/octet-stream
File Size	53.51 KB
MD5	bd37ef558593f5157ebde1c0f686192b
SHA1	7825e4739887480b50a9877d06a806dfc72a7e8a
SHA256	c474bb44c1ee7303a7fed748c5cdc7417978a51e478502785e2c83e980991e18
SSDeep	768:4Jtc3iBFzERE6p23VlvSL9+BxzhopaVYO8Ibet9X3urNHCA3GV3v3vkYRcaI:4MSBuWMaV5tBxdSX6qXX+rNHj3G13v1c
ImpHash	None

C:\Users\FD1HVy\Documents\K7F1p\e2rvkFzSYpjZp.xls.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\K7F1p\e2rvkFzSYpjZp.xls (Modified File)
Mime Type	application/octet-stream
File Size	19.20 KB
MD5	5068e440954b21fcea8bb8ae640d795c
SHA1	d804a9890e0a18f24307387db6681e0d95fccee0
SHA256	443e92b7301b201f76a506d7f3d2ae6aaf17d47eebefde4f00ac68ec4a127d49
SSDeep	384:Ii02tiE5pGxw4m0OlWf+feB5OCg1opskox+W4jmuy7sqLpBQmG:tnNuxwU8jfeClkoxLuy7bvG
ImpHash	None

C:\Users\FD1HVy\Documents\K7F1p\jDSr8nZ.xls.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\K7F1p\jDSr8nZ.xls (Modified File)
Mime Type	application/octet-stream
File Size	54.26 KB
MD5	eab218b005d105342b5cc3e74052b9bf
SHA1	0b4785c2cb0a1c852b79c6de8ee39d254c8c195a
SHA256	3c40b1dca9d82dfa6f261203586f933d507cbfea42e424aee26b85120eeb3c40
SSDeep	768:D85h7K4dfNqSisRZczTJtJBaFgKaB/KQ4PJIqSGVmdHOcO27OISQCHgTVQ7LYiKx:DQffNWfJtJIqL1oId6mdjCIJVriHbS
ImpHash	None

C:\Users\FD1HVy\Music\HFbT7130 UW\ioSfoQJ2Br.mp3.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Music\HFbT7130 UW\ioSfoQJ2Br.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	41.62 KB
MD5	d0ba3ef4a147513c7f0bda7fbf8e4c1e
SHA1	87a21aa6b1da2035c50cee44db838bbd9269f9b1
SHA256	5441641def39c3ad8d71aeb03edfaa49894da62b3b3ec03af449450b53749977
SSDeep	768:FCy641upE5RH0RepuWPuP/nD9SsrKJsQY87lA8VA8QFVaSeGi:FCy6+yepuW2XDQNgVaIi
ImpHash	None

C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\nid6mOdjGpO\cQH4 q8dawXh-lUDy.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\nid6mOdjGpO\cQH4 q8dawXh-lUDy.mp3.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	15.41 KB
MD5	d77ca842c927e7b680db951399fbac80
SHA1	0416aa05840be28714e487229e309681259cf49d
SHA256	9488743eca94d8b0d5a582638487b388dd09b77588ae43e93c5eb0c9b48bb6de
SSDeep	384:znv/sbTQIwslZM7Gnzkd768OXZldP9FWjLQgPxU0vtH:zv/sXQID/MSnzkZ6zX1PGxu0v5
ImpHash	None

C:\Users\FD1HVy\Documents\GVdr6v_443\naYQg9mk\Q641CRLqWxXNJ2Dq8.pdf

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\GVdr6v_443\naYQg9mk\Q641CRLqWxXNJ2Dq8.pdf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	36.88 KB
MD5	b3031b98567d57e5e910ccf75f7f9fb1
SHA1	96e4a68969899b83b7ced522671de3030ad5871b
SHA256	b6f0a31aff854bea070f807a8e8eef65e9fee37c91def97f41c21557c240f1e9
SSDeep	768:xmCuPOhpXM++KEGXNGnvjK9q2xrrjVXsyggyjg3MsNxNinW5SVJ/GFFjjG:xm1O3j+KE6NGvjK5Vtsyggyjg3JwWZW
ImpHash	None

C:\Users\FD1HVy\Music\HFbT7130 UW\0a_DvVXrZ6Ps\a_E-qCJaJYCf-C 4.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Music\HFbT7130 UW\0a_DvVXrZ6Ps\a_E-qCJaJYCf-C 4.mp3.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	75.51 KB
MD5	d0343d396fa85c6ab2a40060df5ad214
SHA1	e1573b2a67f045e40adbc72bf94e84a8c1eefc68
SHA256	028d877974c50dd18649e64201843ab7bd40f120ec1658e0c344372d9d9ff67f
SSDeep	1536:utz0L0VopLHgaa8lzQjcg4Sux4KzMRQMUMhsTK2D/OFG00B:QoIVXH8lUjcgfGMRQ3Mh+mFj0B
ImpHash	None

C:\Users\FD1HVy\Music\HFbT7130 UW\0a_DvVXrZ6Ps\7hWPO-IdIytPtZ6o.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Music\HFbT7130 UW\0a_DvVXrZ6Ps\7hWPO-IdIytPtZ6o.mp3.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	29.29 KB
MD5	888ff92576b246877c8227964a6c46b0
SHA1	a5f75c9e4d40c16f50cc3d9df1b3890dc5ecade0
SHA256	18085ff3714b343c136e0fbf5c8b9f9ea27de11548da1ef15f06f228649e58de
SSDeep	768:sZv3wtEbaFAaVGzD30qvXNoEbRX1xxAztNezO8R+:yvAtoa+a4zDTxX1MztNaOt
ImpHash	None

C:\Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\en-us.16\stream.x64.en-us.man.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	c:\programdata\microsoft\clicktorun\201eb7df-c721-4b8b-9c81-a09de7f931e6\en-us.16\stream.x64.en-us.man.dat (Modified File)
Mime Type	application/octet-stream
File Size	862.96 KB
MD5	ec8a72c1719fd5dd8caed102c521607a
SHA1	24322328eb7f86601d5fe6db1ca15a1b3a5a80b6
SHA256	473fa7b82e8a0f8b90c0732238f00d04329ef9c2aea63a8337027bbea9670616
SSDeep	24576:pfcvTqoYkio0DtigBDMzctNpwUU3lyPGSvkWWpwq:pf4io0pigegh1PXkWDq
ImpHash	None

C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\cab1.cab.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.23 MB
MD5	b17e467eb8e132ccfeb334e7bd49cda1
SHA1	144af920da317a0484be09a32d102ab2b29fd0ce
SHA256	8e2aff7c7ddc63a584a94365d0925c92f1b7440b7ff1387ed80bd59061ed28bd
SSDeep	24576:IaabCTjD+8kvylQoYtG4DYbLzS8PvD1CdTK5qzsEX6RXbWS4Hwa38DM+87:BdHK8kbPDGxPvD8dTK89IXqk68Dy7
ImpHash	None

C:\Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	c:\programdata\package cache\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\packages\vcruntimeminimum_amd64\cab1.cab (Modified File)
Mime Type	application/octet-stream
File Size	1.40 MB
MD5	7153e4e1fca13e19e9895ff615a4f40c
SHA1	a791d0d7b29a1ed15f3e53e5cf28ef6abf84e0de
SHA256	db7d4bbdbc7afa46351919bf641aecfb7022b416d98edb74c2d5664f99392133
SSDeep	24576:+am3Grd280m2Ewd4Zflw+a5ZH3h6vOTIxBX2RT0OR/cLv/nxSwnvxaJBACZkaPte:ZWG90m2yZjaDH3TTiBYT0OyxSwnZaJBu
ImpHash	None

C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	0.99 MB
MD5	a826ef89cecb65bc40ecf7aba671ea9b
SHA1	09fc71cbc746bbd98dba6d5a527435e999057c9d
SHA256	ae81adeff76f1c2bc7a8ed8829c0b1be477d0be985aea9e8ff35cf91ba743305
SSDeep	24576:2n2aNC3F+9NdoriLxLUZidDYi6r/XiJjuMHWnkYpxe8gc:2n2/3FKcKxLUZGADjMHWP3l5
ImpHash	None

C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	5.33 MB
MD5	77e177360736f96fc4dc8ce58eb047c8
SHA1	d20e87cbb14558212b901c65c07f1d3124a6c2c2
SHA256	06152aa112b167b2b7c1c91dc7ac4ae163c935154b7f38e8a53dc7830902d28e
SSDeep	98304:FWciLqEjIodqsS4SnexXfkTNPMZOAPBIKMGOy6d8mP1Azv9:/iWEIo98ciNk7BIHdvmzv9
ImpHash	None

C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	4.92 MB
MD5	9e2f2301bf3fea41b3c32dcfebf1f136
SHA1	cc4e7bfffc3848081dc91812c93e9aa8b2bf8977
SHA256	898e7dbc6688efdd21bb795e303c2a77267f30accde9a81ba77fe6a6fa28d77d
SSDeep	98304:OchEwOUXRDbl2x/fkK32kEbBK+rfHoMjKIKLoamapL9KWnpL:OcaUBDkRf1Pp+joMWIfGpR7
ImpHash	None

C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	791.80 KB
MD5	7db3a9b3f0fd6c6424eb8e497277cae2
SHA1	a5fb549484285073b2d9ef489019b604caa10434
SHA256	0cb59f622e713425378f605e5a9c8af2844a0dcb5bc7ce4367a9c222967d2703
SSDeep	12288:jsw22LytYp2sF8Or8FbeCEk9ywP3z95Wdy9HG0U7q2ekZutQAp1pTwGiRiHh5TP:ww2Lg268M8beoywGduaBZutNpec1
ImpHash	None

C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	c:\programdata\package cache\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\packages\vcruntimeadditional_x86\cab1.cab (Modified File)
Mime Type	application/octet-stream
File Size	4.71 MB
MD5	c1806b0dc9924fa9de06feb31c6bd813
SHA1	c302a01d77216e09b908a5f45143e31fea34e318
SHA256	45568b97a7f268a7021e546cc0d96abd81e133ffdcb994cc74addaf5847077d1
SSDeep	98304:MOJ2RzK1nfveiIU4UwY9rf2AayYWTEvS684PuYurkHbvmLrkal3p3SaQ:hJg+eLUjrf9LYWQS54mHYHWrke3p3u
ImpHash	None

C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	5.61 MB
MD5	803dde576e20bd21d691d2320dfbdee6
SHA1	ae32f0d2848b494636a32e3308b8ffba73c6582c
SHA256	5c0c5260e4987f31d8dbac8635074f73fa9e6eb12c0ac9ea7b4f253b17ae2119
SSDeep	98304:ouD1tGcstwOxPbqCxs2LQb+L8bLBsuTQ0lrY2PtDC//nNL97pHFNSTRivx7/VI4t:FZtCtw4WnKQyoVvYSDC9Z79STRivx7Bt
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	241.23 KB
MD5	748ff55044aae33e41de1c13ff9bc3a5
SHA1	32c96c034ba1235b96a1877e6124ba2c7d21b96c
SHA256	3c12492b7ad9979dc4b5c858ff324095c1bdc24ad0ad5118435e6d6c48f520cc
SSDeep	6144:xxC3WWBHSPTFM1ORSiTxalklrIYjl/953MGORwhbPSma20:xMHSPqEAiTxZJjlwSUma20
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Internet Explorer\brndlog.txt

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	7.43 KB
MD5	d8076cbf272c6bf0e29e769232e07884
SHA1	1bd9daeb64201a880b55eb0c40bbe687a9922c01
SHA256	c5ae42a46559c08e3fa1c7a6fac5f31c95349029a82f1238ad58a4be5392ab91
SSDeep	192:n6TKtsm2gM/GMwY94FyvysQtpiFQMw8D7ACtTnfjO:/smmh94FgysEoFQM9n/s
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	48.98 KB
MD5	21c3dce8cc7ffec575d7ab1948a96645
SHA1	a63a4eddff4cd60a9e974e791fa08d9698edc104
SHA256	8776330673e537ddaf83fafd0a6c8118be57839e38b85e322ab36587f6b4fbea
SSDeep	768:mLxEhLmD2tlUlVImZSkcO+4yKJ4aesdIwp+Kv/xKZSTr4tiDj2woDHDvdmwN:wMm9oEtCnOXLIwMKhK4Hbr0D1m+
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Internet Explorer\brndlog.bak.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Internet Explorer\brndlog.bak (Modified File)
Mime Type	application/octet-stream
File Size	7.43 KB
MD5	60d893bf21ef76ab497e01cf98e0041f
SHA1	b7f3a77da41ec8df504a724d0a4720a22b555697
SHA256	a288cbbc1b338b03728d1c8ca37b3a7a69f627bdc4930b354d552150683d8a65
SSDeep	192:n6TKEroJXvxmm7PHu9FpN3k2rOf70LNZEvF04j1fj+UC:lgKPO9/pHFLNuvR1fjhC
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\OneDrivePersonal.cmd

Modified File

Batch

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\OneDrivePersonal.cmd.ragnarok_cry (Dropped File)
Mime Type	application/x-bat
File Size	1.09 KB
MD5	8636b46b9964a766ac82bc7acf5ce020
SHA1	e692aee2ef6c167a316cb34c968190a876e5bfc8
SHA256	7945c6ce98ffcfb59c1374e3016819ce11d861b2351d2d6ad0bdd716776323da
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Koz5tavYi5niFZx0G6sjsujDtM/sXddZiR3:i64YzyGwg8eghG0Koz5ta1YFZuG6IhD+
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Visio\content16.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Visio\content16.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	320.73 KB
MD5	3e6a5d1de991e0b7a47ea2120f1f0fbe
SHA1	52664760666b4359ba12481c148351696c8e9fcd
SHA256	8f67eee600f96f0f08d90a5afa2e3e34dc674d98557244b9fbc3e41d72d7f396
SSDeep	6144:ayMr2b4StVUCnNHk9CDvQQiSI/BqbOI0KYLYQx2a+i3g85/MvcIZOom7sw71h:ayMkFjUCnNHkImpqbOZKzSg8MZg
ImpHash	None

C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\nid6mOdjGpO\Qu9HQPl4f4Gu\2GUNK_f4PvMJ.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\nid6mOdjGpO\Qu9HQPl4f4Gu\2GUNK_f4PvMJ.mp3.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	98.62 KB
MD5	6198d9f1acb6037f6d99570768c85571
SHA1	3bcfe223080c635b7f2265caccc452386631f885
SHA256	e790b5cf408ccde65c34fda42ad11a76e0433fd24e0c3e6d6e6afbcecefbed75
SSDeep	3072:WfjmcYTc8iL2YZJiFzPxZYFKZAzpvj0PY1:W6c4A2YZJiFzbANwPY1
ImpHash	None

C:\Users\FD1HVy\Documents\GVdr6v_443\naYQg9mk\B jK20Ys4_ E\xXNVx2L7IQ3P4oTX6xc8.ppt

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\GVdr6v_443\naYQg9mk\B jK20Ys4_ E\xXNVx2L7IQ3P4oTX6xc8.ppt.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	60.23 KB
MD5	f1dd6d0f11e1e03694d81df1924d2b0c
SHA1	abfcb031d47390647242488ed877ec9fb4fec435
SHA256	b95d445b96c64d7ad558277db6d52bd4e17b335b81db5bf8aa0bb8dcec8e5143
SSDeep	768:glIKDcRbAo9//h30fVzcjmSTZKe/WueX11mA+W7I4qCV+4/BXM5tHK3UEXOP56i8:gAbAKAYNl/BY11wL4qH4/BX9kE+X8
ImpHash	None

C:\Users\FD1HVy\Documents\GVdr6v_443\naYQg9mk\AUwNahu\xax2VvLZX.rtf.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Documents\GVdr6v_443\naYQg9mk\AUwNahu\xax2VvLZX.rtf (Modified File)
Mime Type	application/octet-stream
File Size	56.18 KB
MD5	3865a33d923a528ccd0df0499eb57001
SHA1	3aacea8882248dd1fc285315d533f4e78d967c0e
SHA256	10b56e752289c412edb3aa2cc4b96ec517405e2cd9210434cf1aade56d954e73
SSDeep	1536:zAFNu3y8sX4EDKANRR8IMTZC9pXI2f+jAy4Ue:kFNu3o3DKABheXGiArUe
ImpHash	None

C:\Users\FD1HVy\Music\HFbT7130 UW\0a_DvVXrZ6Ps\TOAC\M5uxNPoePz3ivk2.mp3.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\Music\HFbT7130 UW\0a_DvVXrZ6Ps\TOAC\M5uxNPoePz3ivk2.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	10.71 KB
MD5	7dcda72d622ccc8bf4b8af7a44e94ed1
SHA1	4addff52de06983c8e8941ea398163ba0ce17b8b
SHA256	cb769e8b632d1d2a4eaf8b4c68b9180b40a788654d2e9b4bbfb8decdca09a6ac
SSDeep	192:n6TKQ8j+KRglftfw7kg9l425pdTWB7Yl0sBRN0qPDKjI6vMyZDjvJiSYZy3cw:3jPgllwQg9K2rtW5YGsLNZ4XkZicw
ImpHash	None

C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat.ragnarok_cry

Modified File

Stream

Unknown

»

Also Known As	C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\en-us.16\stream.x86.en-us.man.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.03 MB
MD5	ce974cb397483a5673770efbcf546ae4
SHA1	10c6f7dcef3703c28dcf75a476869c56afd5e9c1
SHA256	5ef2537bf8a8dc62dfd2b8100e22a668c20645073546c19c282b5f19ffa98e49
SSDeep	24576:V0Heb6tYG5F8ayKG3mFxF113XMOdssDnFqbLq7tZtnWtvEEPC9gt2:V0rtYG5Cfvm/F1p8Z4FqbLKqEYyR
ImpHash	None

C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\x-none.16\stream.x86.x-none.man.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	c:\programdata\microsoft\clicktorun\productreleases\5a65c4d7-3cdf-4be4-8560-f036d300c13f\x-none.16\stream.x86.x-none.man.dat (Modified File)
Mime Type	application/octet-stream
File Size	4.38 MB
MD5	903e41a5bbb122f460033b51215d48ed
SHA1	7d30e28d9ce6b239dd7f518ff715d217719a9aa0
SHA256	fc25ecb9d1ba168d3a2056bce5a321bac6b5f315616cbc34cc2e605664569e52
SSDeep	98304:9psRqJEzxKkd/z90rGmobCrI6agcHoi4PcWB1xIr4HNsVii2UUJMaAQg:3sRqJEzxKS90r9rI6TcHh4ERrezHZDdg
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	62.68 KB
MD5	00617037de6c60c67e2e03922026829b
SHA1	21498dc3966fe934ecfbd494251fbd6e1ba3923e
SHA256	265227fd9f2442185fb4059ddc47ea06c07255d88532796e921a8a92fe2374ca
SSDeep	1536:TpT5EhGsUm4qJzF+2kC2VlAk5opGQveCpSF3G7dDE9sNIYcIj:NT5EMsUm4CzFlulAXoQyG5E90Ito
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	107.68 KB
MD5	c22c43a68f890442cafcc22804340b94
SHA1	2a56f56ff375c9de8b0db931cb28a6e7adf40c4c
SHA256	cfe38676397642195e4a11bd961c55909539c59796d8ca60da21b797ce7cc505
SSDeep	3072:UEmq5BNirjTk4Km70e+rciu6VE576HqPayUX:5WrjQ4Km70eS3Ex6sUX
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGGXW3P8.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGGXW3P8.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	7df7bc37cbdb9cd8eea1eb4917b4706f
SHA1	3e9bcbbea6ab16f1832af7ce29f4c57ee01842c0
SHA256	4c00751d684fb2eaaaf9ac53f2167190ccee979ac7b8a9c37d41da91be552fc1
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Koha98PhelTwsk/jBdY+DjiMhhogxjkeLfPK:i64YzyGwg8eghG0Koha9nlTwsk/NlDjs
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH10PG8.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH10PG8.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	f32a63a83160da4aa7bb22b778a96bd4
SHA1	64aac5191eb4e1b6f62250d83a1701fc37b6d0d5
SHA256	14f2bdda64fe686f8717432de7ceb0153ed10db88a0836dc67bae555874de635
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Kol7vDhisHc7N3krjHg66XxefVZLi/OyzHtM:i64YzyGwg8eghG0Kol7vDhQ3k5MWZLi4
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH42THS.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH42THS.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	6b4124958906a06e378429a078581aba
SHA1	2f92a7c1fca0c22538f54f91ad4cd96c1a5286c8
SHA256	02c8a90d7c0bca4e46a2eb48fdc50b826807a497747467d7690caa8fbb004f3e
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Ko8TrwdqzLPh8Sk8g0SFqvDmVSi4oc3a5gHx:i64YzyGwg8eghG0Ko8gdOLZEqv6VSFoM
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH4NNS1.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH4NNS1.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	cfbfba8c320ffcbe1225da4fd2c8bbee
SHA1	8931692e354ca74d6977a928dab1075959f341f9
SHA256	a6eaba3462d35b556a8639faaadd2a76da91d2b3af892dc93222c11a0fb96a7d
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoqD+GE2fX1NuqtsqPag0ZkBIbdte0ko62Li:i64YzyGwg8eghG0Ko4+mjuqelgakBIbq
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH4QGHW.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH4QGHW.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	0c1badcb4af774eb8d61cf6a58c0f556
SHA1	7d12690869b41cdd34f1f05bbf3cdb40e829ea3d
SHA256	ab2ff37162d5a8558160d7f0202078317b6361d8d3de126b57461331e2602607
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Kod5V1kA4dOQa7ubhABmjjn5zwwUrEgYJan6:i64YzyGwg8eghG0Kob41a7ubv35zcAgW
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH4R32N.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH4R32N.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	a2ab115106dba915d37e0e5c2b2965b8
SHA1	d7f230cebdad930f01ebfddaff2beedc56ddccdb
SHA256	ceeb4767b9700e398c3c4f042ad8b07ea89d130340e8b47fa6142f2c58bc8326
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Ko1mHM1GzNppWwF0G7ZOKEzNE27VoMVYRkme:i64YzyGwg8eghG0Ko1fApWbG7gKEzNEG
ImpHash	None

C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\x-none.16\stream.x86.x-none.man.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	c:\programdata\microsoft\clicktorun\productreleases\a6a87302-92ae-41f2-ac52-73f5ee18259f\x-none.16\stream.x86.x-none.man.dat (Modified File)
Mime Type	application/octet-stream
File Size	4.38 MB
MD5	1d957d57c2f1eba1043b22934406f983
SHA1	4b9700a62725715e5f78fd288470706924ed0c19
SHA256	9f0d2a9b42ec9acbd61feb3b666e7695a457d1cd22c38a88dce767027d3279e0
SSDeep	98304:JUgG0YX85XJHZbVJri9i06VEFcRJCr1jb13W1Lbd:hG0fHZbVJi9B6yYMR1W13d
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH537C2.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH537C2.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	4f353cf504fd25a1c5d65b11ab0a09e7
SHA1	12ec4ce8a12a0e3d7451088bc21e433875934b4e
SHA256	7e493478ba3409b41e7992610dc07041f895e37b08678a2677885834ad864812
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoatF10PEF1dF92IBcu38hMT//VIlzXFRUnj:i64YzyGwg8eghG0KoatoEF13clhMzQze
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH5FV99.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH5FV99.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	e56072449ce638c47cb8c5000bd8238c
SHA1	b9f08a26e8aba6b479597224b8a00be49504ab7a
SHA256	2435368282481e942dce88887e83570603a53fa5d07cb1433351be5eb71b5f15
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoggScJdwLZlZxthQnt8GXLR5b2QkSG8jMHn:i64YzyGwg8eghG0KogBLxhQtPXT2NSEH
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH5PNB1.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH5PNB1.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	c4109398361c1a48ea4e29f9e5a2be9f
SHA1	471bf33a652c54d2abfac908c164a5fa811a9456
SHA256	374d11b188a28211e209e600817ebb27f0d0b1292e26e9416f85ed26370e7b7f
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoNHkPwK2j6lhg14pqkN2JmcutmEP7yFiBOo:i64YzyGwg8eghG0KoNEPzPlhA4pTQrd8
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRD2G0J.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRD2G0J.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	df98353236869dee171bc597757919d0
SHA1	5fc2aec0426af2b3181b7a8009e5e4b6dca73592
SHA256	e09f32d159726eddf8862cfa6e5043dfc72edab8d5ee25532a46aad52555e077
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KowHBuMBZrDS8gDA5y1urNNMZQLcNLql0xKF:i64YzyGwg8eghG0Kowlb+V31ANsQmmlJ
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRDTBVB.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRDTBVB.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	a0dcee09bae2c60c0b2803d058e92044
SHA1	56c7929d07f2fb2a7c5f306e489710d4209961fb
SHA256	af9165eb09037e26673725057ea312479229669e26f1174a6fbb90a2a9fc756c
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KojdA5w373GbpjOYbKscgoM+g2MAEIYO8wIb:i64YzyGwg8eghG0Kojduc32pjaxfgnAi
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHV4V.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHV4V.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	0553cd6ce0945d8761cf6f5dfa83b7fd
SHA1	49be2e64909453ac0f4131a1d016bd43f7e85822
SHA256	bd68e2a4f9ca6e37be88fdebedbdbd1502f06e14a6ca661ab485512dea82a509
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoloSPuD1orAtjSN5SMm625hbopvmuPK6bzj:i64YzyGwg8eghG0Koloy2MA1kFmVopvZ
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHVFW.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHVFW.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	a11eabe61bd7359ca4bb0e799efc34d2
SHA1	887f6e42e66cdf7a121e198b0d3c06071ba697cf
SHA256	6df90004cc5958fff1a984aacdb748c9ebd8df2b5072005c241da5d36b2ad3f9
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoDB8UBiEmrBEbhuGNRgkmXP/YR7CRYzkj2c:i64YzyGwg8eghG0KoDBFBiEmrBEbTNRM
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHVJL.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHVJL.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	8d5502eb58b3ef9ce1d8458ada20ad1d
SHA1	bd1496cd15808af4c3eea5f3f12e90653f8f82e3
SHA256	a6adcd3c27ef197d7fac4447b31ce7bca2ac4af3e5e64bc003f6fc13dc4ec0dc
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Koo4mlOmriw8a0Sjm4WJF1GLJCusfYSx+UVM:i64YzyGwg8eghG0KoaN4fSjm4WJX0J9f
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHVN5.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHVN5.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	1d188fd6a98e495887b8f904f9641f28
SHA1	b48a6eb459d1ca96f5c5904c8e597599170096a5
SHA256	bfaf8b45a3e0ec88c688d0fe462c4a05459d6c54735c00d54e918b6f192e1f79
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoQuapwI0l/h+HuP9Cum06HGz7ITkA:i64YzyGwg8eghG0KoQuywB/oulnm0cG4
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHVQM.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHVQM.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.48 KB
MD5	69c33e4cde2794fe358d1b4467c5ce22
SHA1	ab17dc19ab17fe1ee860cf938cf439ba27d4f712
SHA256	4dae71a31892554dc8ebee31a63cd3fbf31c142bb8d830d409beb27e385689ea
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Kol1urtv6CiBs/chdSt+vu4U1jsrk334YBHa:i64YzyGwg8eghG0Koz6tjkzStlRjsg5M
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHWKN.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHWKN.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	28668aaf21b7612efe1b77013ceae1c7
SHA1	8082ecae37b95a6a557feacd60746ee49d32e825
SHA256	7d318aae96c87dd0ff4fed5930933d3a3cea0091d8e20b5736b6e4dc6f91d15e
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KorSP1S4+b1V4UzkaaaghXN5fC/H+DFZ4whx:i64YzyGwg8eghG0KorSP1S41ekaa1hXD
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ364.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ364.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	83c74a27b2a5d424440a5cdbb36c26c5
SHA1	af5ea68421314bfdd68ed4ff43356f35292d398b
SHA256	304f25bfd299ccf8f5f81dc59a5bd514cbf028fe827e15e879763f4a5540fa26
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Ko8TDlqWT44OrlTwipNT2kVgYhx1LE8ctwoL:i64YzyGwg8eghG0Ko8TBT44OFDb2kNxk
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3P2.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3P2.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	4f511093ce87b28890eae9c591841843
SHA1	f57ca0444f0705d2ed57c384f2e29a08ef7612c4
SHA256	155bbaaa5b6971f9d0f0bc7e1a63b219e3a6ff2417b721c23a23ad84b709a495
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoUMRWWJaquVUDnDKFjpxxGRd+60T6dH2eKk:i64YzyGwg8eghG0KoUOWWQqVDKFjxQ+M
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3PM.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3PM.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	042d880094217d394de32de901a7bc0f
SHA1	ad2e937117d90c861f7a4aee1decd1716a94b236
SHA256	49da8632c3e41c9a7a3f599618330cf7456185183b3d6d15053bbdb1a9f23514
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Ko05/mRBSVz/12GlQq1si/FJoI2VRJ1UJek3:i64YzyGwg8eghG0KoC//gGlQq17JoI2i
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3PT.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3PT.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	76096d0fc57269979ad4b24dc4297800
SHA1	2badfd0041b1f38dda7d3c88bfb067f12fb5bb9c
SHA256	a245c4560df09c591c57027447c101d6381ab9e5da0ff201a0313de4c70f40d1
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoExjeWJKzFGbf/wWRrdgawdTTvEyBgc9i7F:i64YzyGwg8eghG0Kokjlwwbf/9rOawJK
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3Q2.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3Q2.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	6d69731e913e4ad8f5860d935c42376e
SHA1	643164889018124beb76c3eb4eacf66cdd672ceb
SHA256	2f0eb4e09e9c95a013f7a5a6ff0084ecdfa06826a04e93c1557f941849ba0725
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Ko62U80Eyw60/3xaUdMFGUlPh68JbaZBAaK+:i64YzyGwg8eghG0Ko6dfYBVgPh/ba/Aa
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3T6.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3T6.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	f3a0675b9ee446c55af65ce7247fb091
SHA1	d6557d2e2cdd8a78574ad385b2da7df558c1a29f
SHA256	5c2ddd764938d0db5a81e42229d48d15f4e9c74b91c8be202bf99f6bb6027748
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Ko6uM/+5WTEB64rdVFQlyYjNnkuET5j7kqIR:i64YzyGwg8eghG0KoXGEaEBVrdYnkuQu
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJBBG.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJBBG.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	f10a3d2fcce353379983ae9bc2c27524
SHA1	5cfa5149472b66cf7ecc9fe185dd40a8dd4eb95b
SHA256	764ce25576cb81d653033207e6febd557862d6d2914a277752a1bd1675370927
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoTbOWf46RwmEqv5dPZgHRSP3360wZISPhU5:i64YzyGwg8eghG0KofOJ6EqjZgHRsPwQ
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJBD8.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJBD8.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	877891ef637bdea3301e59741e501767
SHA1	fdb1cdd58e145275dfe75148d3d46e9727b28fa5
SHA256	cbcababc96970c2ccfca221811820ea8891e7a77f1d2b90fede7ee7788f88517
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoYwLcwfHuzIjSzCZY7+njsoCmT+013YHJMS:i64YzyGwg8eghG0KoYwLc1eKojsor35y
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJBH4.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJBH4.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	7e985310dffaa8f5dc8f5f9fe6be73c2
SHA1	ffe0720a70db91e3462819fec8bab6edcadcdc20
SHA256	c956c07d6be0174dad48eb35e211c74d26c7c0c26bd13bf07973b70827c723ed
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KomfFmbYeAViToGJGX8bGn9kDKcroSXWafEG:i64YzyGwg8eghG0Kogm9AVhMGX8bGn9c
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat (Modified File)
Mime Type	application/octet-stream
File Size	2.40 KB
MD5	a8fee2d4e5b13561b7e17b7e6ae1f6f8
SHA1	0d75180da01d2bda61a8c099f826f081ca733bb4
SHA256	7c4d537ab5fdb23c75468d89606bde8ed52f92449743db147032dce5d72fbb95
SSDeep	48:i64YzyGwg8eghG0KoNq41vbYj3T4GLlplcH6QD40mbHfcjWJjyX9:izkJ4TKoq+bYj3MYpWa84HbHfNU
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{6E699364-D728-4772-BD21-24A21748BF64} (0) - 3932 - excel.exe - OTele.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{6E699364-D728-4772-BD21-24A21748BF64} (0) - 3932 - excel.exe - OTele.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.13 KB
MD5	c048dcd27ea18f091d60c09c7c25dc47
SHA1	f23f482b9c1209231be89781685124cfdd939e60
SHA256	ce8f035ebb0c886a9e6d69cf1cc55b13e11fc79338fdce6da908d6c22d24b920
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoKwkxtNXZu3xMoNopg4u3IRi3Tc1qIHWESz:i64YzyGwg8eghG0KolUNX4No24uYRijH
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{6E699364-D728-4772-BD21-24A21748BF64} (1) - 3932 - excel.exe - OTele.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{6E699364-D728-4772-BD21-24A21748BF64} (1) - 3932 - excel.exe - OTele.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.29 KB
MD5	319b2a388a0ac7d3589b6ab704210f41
SHA1	2d8426b1c43ce3bc3c8ec74f841e0fad93e8af0a
SHA256	907a4bafbbbc754cabd4b39d7ed40935fb619035011c981ece7980b1d147ee3a
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Kol4RJgef4CgvtiLN3nk81lEsoJ1F4/QKiZ:i64YzyGwg8eghG0Koya0Z7esY1eiZ
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{6E699364-D728-4772-BD21-24A21748BF64} (2) - 3932 - excel.exe - OTele.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{6E699364-D728-4772-BD21-24A21748BF64} (2) - 3932 - excel.exe - OTele.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.29 KB
MD5	95d7a448ae978414b14101b2a79e6d02
SHA1	d75eb428f826e076e3490fa0658d9039a72755f3
SHA256	eac5cf141b1ba4465cad1e325dbea4f85f03ac79aa58a9d8b01ab2a5051dc1a1
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoJyh2uEKMEoCQb+PTZCnW8zqpzmTLuyi1UH:i64YzyGwg8eghG0KoIDEfErc+PTZCnWA
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{6E699364-D728-4772-BD21-24A21748BF64} (1) - 3932 - excel.exe - OTeleMediumCost.dat

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{6E699364-D728-4772-BD21-24A21748BF64} (1) - 3932 - excel.exe - OTeleMediumCost.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.51 KB
MD5	15fc03a3b68e7699316d1d706db7efda
SHA1	9e533318a3493fc88fa534cc3724c133c7ef2f5c
SHA256	60239f83f8ce2605054f696a8585142cfde28a5d5912c74a904b484ee868da8e
SSDeep	48:i64YzyGwg8eghG0KoC/S3InVaT1lGVBbuHlAiaZcPC/bDG:izkJ4TKj/AIVW2VBbM6iSFby
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTeleMediumCost.dat.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTeleMediumCost.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.51 KB
MD5	40e145068859d6009d1fc2bc84ef0878
SHA1	58b731fe00c567880dc88c9ed56835eb357838f5
SHA256	36e716bace76750b8360f44ec553a1f37aaed42f2751dc4c187f6fed02ae1160
SSDeep	48:i64YzyGwg8eghG0KoEHvhY7Mrswo7AF59EIb:izkJ4TKpJ0MF5qIb
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\AppWhite.png

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\AppWhite.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	3.99 KB
MD5	b07c495deddc7f0a1aa13bc570d5f605
SHA1	c77fd4320e6ba7f483dc8c1d3067c4e8082c9ad0
SHA256	c98a0a3f91759c503bff2c4d667cebc8227413b1e07a27af9074e84256c8c406
SSDeep	96:izkJ4TKhnhPQ1gINX6Jv6fcihVe8iFuJcd1duMn9G8tw5EDB6V:n6TKPPQK/6EOVJiFu6cSJa
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\AutoPlayOptIn.png.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\AutoPlayOptIn.png (Modified File)
Mime Type	application/octet-stream
File Size	11.01 KB
MD5	7db536886b63fbc68e83e286ed48af83
SHA1	7bc0496ea741717bb744d62a56f25a00e71782b2
SHA256	e1cc7bffb59daabc8450669d5a83b526336240ba4def18fcef1f1cccb89f59f1
SSDeep	192:n6TKKkSvPM1Ge2vcdJcbyjRVWQ+VUQQlQJnXEkwQyrHAF5Ce9RRBEeojDBuZY:LSkGLcdJuyjRs9QGXEkmUsedBEVDBuZY
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\ElevatedAppBlue.png

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\ElevatedAppBlue.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	8.23 KB
MD5	dcea812255a84b98aa2f6ab549818edd
SHA1	e180c34a235475da6db5172b812764f6033edc8a
SHA256	76488522478f4042dbddf97fdbb4311abf7b20901e49be1ef6e2ab9224854a31
SSDeep	192:n6TKVn+QA3sVJfAC/l/Hl/spg4HuXQmnJ4xIy:zA3sV5Ak1lF4OXixIy
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\AutoPlayOptIn.gif.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\AutoPlayOptIn.gif (Modified File)
Mime Type	application/octet-stream
File Size	375.26 KB
MD5	655fa10146a2e54c2d837d61e0dafa79
SHA1	3b98379b66efbed1446c1f3f57cf53d622a0c09c
SHA256	c214b76d86aee247063ab038891b37cc31c7bd26947843c05b9800265447a99e
SSDeep	6144:p5VCXT3x6tR280nOr075LZ3ENWBBB7SnboesV+hN9vk41lLYRBkxaRN9Alubx1Lu:pL4l6tR280nnLy+2bFTNFtgOxfly1LVA
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\ElevatedAppWhite.png.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\ElevatedAppWhite.png (Modified File)
Mime Type	application/octet-stream
File Size	5.96 KB
MD5	38aa4e98dcc8e0888ae1e8d9a5bda53a
SHA1	d19ff13ca29c86c3241f26df8148cfd9e237d674
SHA256	1a11bd0e5e9cde3928abcf6c1eaafd02ddc51bb9fe0e82674aa105e93db5f57b
SSDeep	96:izkJ4TKAL2tnr4vP2vrkdopqGgXlicDqv9iXvORgXIahf0pFkDJZRc1LLQNv6JwS:n6TKAL2tn8X2ngViaklgR1GF6JGeyJwS
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\OneDriveLogo.png

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\OneDriveLogo.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	5.57 KB
MD5	a56df1d7dec42ec4874534ba07732689
SHA1	afdc4d483bf9e09f9e6c1b04f7fcc8d1ec632ebd
SHA256	da9c8730e284bd18a9cb3c9088628832a057585c265d6e98954e7bcd650109dc
SSDeep	96:izkJ4TKzSiG+GGeVlbaLGqGuRxt+BxwqxQBtDMo/YabE4PwUvVN8X/j9fPymdNF:n6TKBPGliuu00qxIblPlNmfPym
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\Error.png.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\Error.png (Modified File)
Mime Type	application/octet-stream
File Size	8.62 KB
MD5	13afce59b866a2e4f7846fb87656e904
SHA1	188175cab71bb96c470419a9c28a9c0486304028
SHA256	362e99a3f52636f440362dff3350817ea5a18f917cd4a808162a72a891d3b875
SSDeep	192:n6TK198D5EAkoXmtVAHtFqePv3XnjyRiu1BEpdzOG5V1FtY7G:d8DCJAvHneMuUdz3Y7G
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\OneDrivePersonal.cmd.ragnarok_cry

Dropped File

Batch

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\OneDrivePersonal.cmd (Modified File)
Mime Type	application/x-bat
File Size	1.09 KB
MD5	630edcb99195733fc00044136683997b
SHA1	db63b3734e49f4629a063d8b33509c4e123d3716
SHA256	891dc9c50ce3bb4888f0534d0a4c5c30a0b1237f16de49a3f5d30fef3cdf058d
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Ko3iruAQVsJstgzdzriwoRu80nrv:i64YzyGwg8eghG0Ko3Aula0Hu86
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\QuotaError.png.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\QuotaError.png (Modified File)
Mime Type	application/octet-stream
File Size	10.09 KB
MD5	994c34caaf7758bb1ddd551351a7a6fd
SHA1	c74a94b71fd3792da24b8fc0702b45a9fcc2153f
SHA256	441132cebf78dbf6a4f3f8b1bd124be428fba250413a32396f118e2c39116048
SSDeep	192:n6TKAtWtdaL1xQB4R0jgy0sbmICqJnb+Hxj6HF5bluVATDACUu2v:GGmQB190sbmICqqjixIoC
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\QuotaNearing.png

Modified File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\QuotaNearing.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	8.35 KB
MD5	3f10a04036489e4192c8156bba5e88b8
SHA1	ea903dac09884a6419c8cb35843e35223d174504
SHA256	5fc927b983ff316b0c418725c71c179a48bd99be4039228896bdbf9a46f29935
SSDeep	192:n6TKI6buZlHZCS93RFgbKFJ8A2RkzeIiNHa:m6bClHf93RFgbqSXRnDHa
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\ScreenshotOptIn.gif.ragnarok_cry

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\ScreenshotOptIn.gif (Modified File)
Mime Type	application/octet-stream
File Size	238.80 KB
MD5	5ce002b5000f885973ec6a77fb0565aa
SHA1	72df2772aa56f7de93153104acfc59769c99de25
SHA256	f8d24b9331e94b9c0eedc7fdc5522b52d7e18f929465d4b2289cd6071dccd92d
SSDeep	6144:UPZkvJaj3E+hs7VBnHvUdTp7qwlw+TsUy/:UeJaj0LHwTpewlw//
ImpHash	None

C:\588bce7c90097ed212\1049\How_To_Decrypt_My_Files.txt

Dropped File

Text

Unknown

»

Also Known As	c:\programdata\package cache\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\packages\vcruntimeadditional_x86\how_to_decrypt_my_files.txt (Dropped File) C:\588bce7c90097ed212\1046\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1036\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Desktop\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Music\HFbT7130 UW\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\package cache\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\packages\vcruntimeminimum_amd64\how_to_decrypt_my_files.txt (Dropped File) c:\programdata\package cache\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\packages\vcruntimeadditional_amd64\how_to_decrypt_my_files.txt (Dropped File) C:\Users\FD1HVy\Pictures\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1041\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Documents\o1Rxg9ErX6xmX\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\3082\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\AppData\Roaming\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\package cache\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\packages\vcruntimeadditional_x86\how_to_decrypt_my_files.txt (Dropped File) c:\programdata\microsoft\clicktorun\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\en-us.16\how_to_decrypt_my_files.txt (Dropped File) c:\programdata\microsoft\clicktorun\productreleases\a6a87302-92ae-41f2-ac52-73f5ee18259f\en-us.16\how_to_decrypt_my_files.txt (Dropped File) C:\Users\FD1HVy\AppData\Local\Adobe\Acrobat\DC\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\3076\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\package cache\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\packages\vcruntimeadditional_amd64\how_to_decrypt_my_files.txt (Dropped File) C:\Users\FD1HVy\Documents\K7F1p\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1045\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\nid6mOdjGpO\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\package cache\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\packages\vcruntimeminimum_x86\how_to_decrypt_my_files.txt (Dropped File) C:\588bce7c90097ed212\1053\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\2070\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\microsoft\storage health\how_to_decrypt_my_files.txt (Dropped File) C:\Users\FD1HVy\Music\HFbT7130 UW\0a_DvVXrZ6Ps\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\microsoft\clicktorun\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\en-us.16\how_to_decrypt_my_files.txt (Dropped File) c:\programdata\microsoft\clicktorun\201eb7df-c721-4b8b-9c81-a09de7f931e6\x-none.16\how_to_decrypt_my_files.txt (Dropped File) C:\588bce7c90097ed212\1028\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\package cache\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\packages\vcruntimeadditional_x86\how_to_decrypt_my_files.txt (Dropped File) C:\Users\FD1HVy\Documents\GVdr6v_443\naYQg9mk\AUwNahu\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Documents\fIpsW1zfY8n4VRy\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1031\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Documents\GVdr6v_443\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\package cache\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\packages\vcruntimeminimum_x86\how_to_decrypt_my_files.txt (Dropped File) C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\microsoft\clicktorun\productreleases\a6a87302-92ae-41f2-ac52-73f5ee18259f\x-none.16\how_to_decrypt_my_files.txt (Dropped File) C:\588bce7c90097ed212\1029\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\AppData\Local\Microsoft\Visio\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Documents\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1032\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\microsoft\clicktorun\productreleases\5a65c4d7-3cdf-4be4-8560-f036d300c13f\en-us.16\how_to_decrypt_my_files.txt (Dropped File) C:\588bce7c90097ed212\1044\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1033\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1043\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\2052\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\AppData\Local\Microsoft\FORMS\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1030\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1038\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1040\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Documents\GVdr6v_443\naYQg9mk\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\package cache\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\packages\vcruntimeminimum_amd64\how_to_decrypt_my_files.txt (Dropped File) C:\588bce7c90097ed212\1042\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\microsoft\clicktorun\201eb7df-c721-4b8b-9c81-a09de7f931e6\en-us.16\how_to_decrypt_my_files.txt (Dropped File) C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\nid6mOdjGpO\Qu9HQPl4f4Gu\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Documents\GVdr6v_443\naYQg9mk\B jK20Ys4_ E\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\microsoft\clicktorun\productreleases\5a65c4d7-3cdf-4be4-8560-f036d300c13f\x-none.16\how_to_decrypt_my_files.txt (Dropped File) C:\588bce7c90097ed212\1055\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1025\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\Music\HFbT7130 UW\0a_DvVXrZ6Ps\TOAC\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1035\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\microsoft\clicktorun\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\x-none.16\how_to_decrypt_my_files.txt (Dropped File) c:\programdata\microsoft\user account pictures\how_to_decrypt_my_files.txt (Dropped File) c:\programdata\microsoft\clicktorun\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\x-none.16\how_to_decrypt_my_files.txt (Dropped File) C:\Users\FD1HVy\AppData\Local\Microsoft\PenWorkspace\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\FD1HVy\AppData\Local\Microsoft\Internet Explorer\How_To_Decrypt_My_Files.txt (Dropped File) C:\588bce7c90097ed212\1037\How_To_Decrypt_My_Files.txt (Dropped File) C:\Users\Default\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\package cache\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\packages\vcruntimeadditional_amd64\how_to_decrypt_my_files.txt (Dropped File) C:\Users\FD1HVy\AppData\Local\Comms\Temp\How_To_Decrypt_My_Files.txt (Dropped File) c:\programdata\package cache\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\packages\vcruntimeminimum_amd64\how_to_decrypt_my_files.txt (Dropped File) c:\programdata\package cache\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\packages\vcruntimeminimum_x86\how_to_decrypt_my_files.txt (Dropped File)
Mime Type	text/plain
File Size	1.95 KB
MD5	7b5a3869011d94b69b6eda1a1ad6b0a1
SHA1	1a2e61ff7e6dd1b8ac09ae3e12617fd110c840fe
SHA256	95f2f930f12bf008db8cc07bac6723f1ba2d8747291fc807718d4c037e0f2e01
SSDeep	48:YR092R9ZNIHsU2cSUpw9MdTfAQa2R4GPknMXAGUw9Wu64WIUNRu+w2F2:2jRbNIHsUvpwQnR4GP2MQHmdWI2sS2
ImpHash	None

C:\588bce7c90097ed212\watermark.bmp

Modified File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\watermark.bmp.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	102.65 KB
MD5	a1c0816a944af5d3836f919414902434
SHA1	c01ca340eb40effbde0753118fb654577bb8f3d4
SHA256	bc4c6dddbc4fd1c9e586926b22db032b76b59a9e1d82fb6e3efe12f57cef69d3
SSDeep	3072:0aPz4x6xprskjUHWOL5fZefuUv04U6NQoRynoRq641:0aPzfsdWG5xef90P6eoRyogr1
ImpHash	None

C:\588bce7c90097ed212\1031\eula.rtf

Modified File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\1031\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	4.35 KB
MD5	01af5a1c28737049254619a2d409ccc8
SHA1	8a79ac357aa3fb02fbbd66f5452f35ce524d3da8
SHA256	a357ff44b319d63253bf863441de2cebfe5bd907c06bbc8d0a8f8a6cbe44b961
SSDeep	96:izkJ4TKHpTOivyMAyy3XMQHQBkk4mZj/xiWu0AakyF:n6TKHpTgMxQQB/4mZQV0GyF
ImpHash	None

C:\588bce7c90097ed212\1037\eula.rtf

Modified File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\1037\eula.rtf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	7.71 KB
MD5	6996ed22cc87281c44c46cbfb078192e
SHA1	e9ee3fcf7e66d81a1d829bc1b5da957159e28e85
SHA256	466c147b402e0c7c027b663044febf8bcf6548a60c03fbb6d55ca0900c3eb1ce
SSDeep	192:n6TKS5G4DfNlMqaC8WhPXiP2m57LH1IBNLTfTRxIzsmNZ:ck4puqNXi932BNL/WVZ
ImpHash	None

C:\588bce7c90097ed212\1045\eula.rtf.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\588bce7c90097ed212\1045\eula.rtf (Modified File)
Mime Type	application/octet-stream
File Size	4.96 KB
MD5	3957d7131ce900fded9f73e46057708e
SHA1	bcb39a958c5799a95d8e8de53f27065fd16e3301
SHA256	648fd4d32b7815bcc9cdc0721116c31fb8b8beaad24aaa69c97cb68336473f32
SSDeep	96:izkJ4TK/p+849UCvsKnrFcUE5QDWXmi/v2n7LL0RQCPcxMFPUzBHPkfTQAz:n6TK/p+3FEHUrSt2nXYxP6Myz+vz
ImpHash	None

C:\Users\FD1HVy\Desktop\0UtczcsCbVrdnBDJYndI.mp3.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Desktop\0UtczcsCbVrdnBDJYndI.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	49.59 KB
MD5	12022bbc723dd2a5f9f3c47b17f4bfc8
SHA1	e8dd2be388d8ae1a5bc57906a53fd55d2f973ec4
SHA256	a343f7cfab330eefab298ee7f3061c5168f5803bfc24b309e12b59d1210959d6
SSDeep	768:J1+lZu0nireAs7QefYpQ1QqA8A9O9jdpmJZ2SYUfnFlkhfoX6VI:J1+Lu5lyVuQ1wO9jmzYcLkhfEgI
ImpHash	None

C:\Users\Default\NTUSER.DAT

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\Default\NTUSER.DAT.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	257.01 KB
MD5	baf9898719c0fb997a672fa6d72f5af6
SHA1	7bbadafb905401fed32e98d538e7d31ca87b4379
SHA256	d9ab15689d0d98d69f9b84a74ee24891c53b6e968e8bccd374b21d5e63ac48f9
SSDeep	6144:Too7FrUxfwix2+wC5VH0/x1eAiNULwAXcu9UHCyiRVV:8eFYpkrC5VH0y8vOHCdV
ImpHash	None

C:\Users\FD1HVy\Desktop\7_idhvwzViqp9yJJjd.csv.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Desktop\7_idhvwzViqp9yJJjd.csv (Modified File)
Mime Type	application/octet-stream
File Size	21.63 KB
MD5	fab0d91648f00c592950566e7c54d45c
SHA1	99869a0aae3499a82f80ebfade65832d73bf3da2
SHA256	161a308d801061abbac71c5a836ae96418475551c26a90c86c6ee79ef9728216
SSDeep	384:gCpty9z9DWGaVyYqOmnJXY+OzJ0PdRZK64mpB+kUtTm8uAEajFWvCtm+ohV4k:/wZaVyxXYD90Pl2kUttEaRWq1ojB
ImpHash	None

C:\Users\FD1HVy\Desktop\g8O8.png.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Desktop\g8O8.png (Modified File)
Mime Type	application/octet-stream
File Size	73.07 KB
MD5	bf37f7a932ab8f8a7c69466cdbfc98e4
SHA1	908f619ee526ec80cb631570b1f7ad16ccda05ef
SHA256	4a92fc5460b5f36e7a7d4e6ad37b3565b99f8a1d54ad5fc570cf8b16c10b71d4
SSDeep	1536:GlgwLpUzv3zs4qF8WBqXQqDe+uJ1PuVOSByRk/QhJQlCWxL40dTd:qgwLpUT3z+jBqg4416OSBcBKCWHd
ImpHash	None

C:\Users\FD1HVy\Desktop\S_xgEVrampBsf3HS5.png.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Desktop\S_xgEVrampBsf3HS5.png (Modified File)
Mime Type	application/octet-stream
File Size	97.52 KB
MD5	a0701803aa032f55f1ae2c757158baba
SHA1	419ec526e1d372e9d5f93f1a354fbb1a8d15f910
SHA256	2dec537ca50f69c33d47ccffb7b9edc97242d2326a85635ee96da5a2a8e395ec
SSDeep	1536:8F7IPQP8tqjqQKZFy60v8Iyw6Z+6EO2kRZvtVVb7yAvA6qaLWQdIXPt78ZT:xP0qA14wHvj6EO2kPNbjPqk/dUPxe
ImpHash	None

C:\Users\FD1HVy\Desktop\wGUv_BvWC3z-JCPD9v.gif

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Desktop\wGUv_BvWC3z-JCPD9v.gif.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	81.16 KB
MD5	418dc065074ff54072736b0e0e54c19d
SHA1	dcad4b60de1210ff0fdd7f78f7793eb05ed7c75a
SHA256	1b8170356c4ceab63eabfd748733bb8c4b255cfd08e9ebabcd7d8b658af3b031
SSDeep	1536:hksk4AGg6AyOqu/0IsZq9iy1wD/QdtEGbyldY18cWhMG5rrxm7D:hEWO70IsZNoLEGbylS18BtrrxyD
ImpHash	None

C:\Users\FD1HVy\Desktop\z9XUp01vJIKkgVq.mp3.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Desktop\z9XUp01vJIKkgVq.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	58.88 KB
MD5	0a38afd8b56d54773f5e01f5c07a15df
SHA1	440425b54b58b117b1ff5293fe76c19f51236ea2
SHA256	c8583e8a09228a447bad3dc5e8f34301d58b127f8037c1ae72ffa78eebfc33b5
SSDeep	1536:rrxsK0w5yMgJ13JB2hz8K6xQ4fQVtKUVYVJJOTwA:r30w5uZEz8K6xQ40KJ4
ImpHash	None

C:\Users\FD1HVy\Documents\VxcwUCeA9.pdf

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Documents\VxcwUCeA9.pdf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	27.68 KB
MD5	54379351a6d835c4ba0ef63fb563c6cb
SHA1	939732d051c42517e09c4307adb10efcb95cf9c8
SHA256	dc306edb17bfc7f1b7794bd5c788e6e365f9126dd54573f90ef088119417266e
SSDeep	768:6s3ZQq2H05qosF4yhZ9uCcKfVwFdpueWiS50:3b2H05VsF4yx5dwue80
ImpHash	None

C:\Users\FD1HVy\Pictures\0RIhI8h5f0kaej Ic6.jpg.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\0RIhI8h5f0kaej Ic6.jpg (Modified File)
Mime Type	application/octet-stream
File Size	29.48 KB
MD5	d49be92267aba39c7b1f3031a4677898
SHA1	920f577c60f54416bde6e184012615c5127d81ea
SHA256	4821c83d759f560addcf8672c65169e5f2c41c0979da5677e616b2a716300ecc
SSDeep	768:GIJwCbjSevNFxIyB/NxpLosmVxYGCnIoe:rvXOUutonIp
ImpHash	None

C:\Users\FD1HVy\Pictures\9HPqgLzuM8W.bmp

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\9HPqgLzuM8W.bmp.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	96.35 KB
MD5	9c5e8296a14d17f90699b7a5393ddb36
SHA1	fdc7f98e142a8a48930fc71cf1607fad295ca4bf
SHA256	205f09c93c1975e05cc20b2da32e96aa08cafdaace82a4db7da5930d2c515f54
SSDeep	1536:kTX/9QheEuueZKGNH//OfNzNzp+6/VueXe2H6XIAVnJPgn9faNYxNUnRd:kX13ELGNH/GtgkzH7AVnJPgnYYxNUnD
ImpHash	None

C:\Users\FD1HVy\Pictures\cN1eZAbAXYh8__E7w.png.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\cN1eZAbAXYh8__E7w.png (Modified File)
Mime Type	application/octet-stream
File Size	50.24 KB
MD5	c15a7516b229509340713326149cc3a5
SHA1	a046084dab5734220865c422426f711a6a359955
SHA256	9b789b441c8ceffd3ba9ade8743938818142f0cf3ea0a172b59079444fe5f83d
SSDeep	1536:szu99hvFoqHe1b9roOzZ/9753HyinWGNxj7JDy+DNtwe:sz8xFQ1J0Ol33HLvtfDTwe
ImpHash	None

C:\Users\FD1HVy\Pictures\FawH.bmp.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\FawH.bmp (Modified File)
Mime Type	application/octet-stream
File Size	56.62 KB
MD5	6e680dd7025277ce393022ec589a201d
SHA1	85e92dba979437b97e97fae21794024fc7caecfb
SHA256	f7ebde153f30a792e6dd03e8850ed5a60719c890e9f9d3cf2b0371ef9925fac5
SSDeep	1536:j6/1dfSHEtaxB2WZQmBl9LG/2lQJ3J64k6EOS1vZnHMC:WsasB2WzL1m5C11N
ImpHash	None

C:\Users\FD1HVy\Pictures\H3aFyVcVItK 68cFQ0.bmp.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\H3aFyVcVItK 68cFQ0.bmp (Modified File)
Mime Type	application/octet-stream
File Size	17.71 KB
MD5	6cc2d54c8084426d5d3c6024953ad41d
SHA1	d18202c0b2ea0a108cfbcc456cea9c7652f1ccce
SHA256	9f934b14bddb31fbf53b9726d28aaf65f5d7720acd83c8b7d91b102bb1623d5b
SSDeep	384:FkvoiYmMO119K73owgDPXBGS2DLUy4wRicWr1dUq8UdH:FkvoiYmMO11c72GpRIJdL8UdH
ImpHash	None

C:\Users\FD1HVy\Pictures\m1kd_2ltmf4om8medz.png

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\m1kd_2ltmf4om8medz.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	61.71 KB
MD5	270233daea4ddcf53c48c48d6aa7a631
SHA1	fbb6b9483cc39553c89a1a195f479da8d83c2de3
SHA256	4636a1e8195d61356476103e046ffa398ff34fb75635d9be74e9d536d8980bc5
SSDeep	1536:kr6FlnL6lP566Nvew2eCfAmUgku6aYtVfK:kalnelP57NKMlgkuVeVi
ImpHash	None

C:\Users\FD1HVy\Pictures\Mlg1NPSL8e.gif.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\Mlg1NPSL8e.gif (Modified File)
Mime Type	application/octet-stream
File Size	62.55 KB
MD5	87f1cccbf16116f66a29dbe60d4d42e5
SHA1	e046000f70afcd74300fa306f39cce5500a2cb5a
SHA256	18af40ba21ffadbbceffa69dd1351ca22790f8e51e3d6681fc124e85d84e58ca
SSDeep	1536:fG2cOsqigNCZBjw7mO4Y3cu5w/tUCIahIhF7fR4r8:R9BtIamOxfw/PTCR4r8
ImpHash	None

C:\Users\FD1HVy\Pictures\Q9t5lo1JTYxiG0zC0eoM.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\Q9t5lo1JTYxiG0zC0eoM.jpg.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	82.62 KB
MD5	e5f7060daad3ec536ca7a0570dfa4702
SHA1	3d0f540740c5f3177007b13dc93b7997ea416f69
SHA256	d8d55ec839a31c42658f5fd0e0b308cc26b7ae29a6c0c30cda7833759ba3d939
SSDeep	1536:uTrwWFppjsstdPnR6vZ5ZowzzyX+HV0rflFo8+E1xO6FvycXs7kEOG:ufdsi+uRI0rf+s7kh5
ImpHash	None

C:\Users\FD1HVy\Pictures\QcjhSO5C8nNWxRRwIsM8.gif.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\QcjhSO5C8nNWxRRwIsM8.gif (Modified File)
Mime Type	application/octet-stream
File Size	95.37 KB
MD5	e02d74e7c121a8c933d75030313fb494
SHA1	4131fa5a93edcb5400f90e1839b6a52181697786
SHA256	a042958c5ee588e56db5012c4f6a5e41566958c91973195b7ba6157eb5d2b6a0
SSDeep	1536:E24oyjYbf+MqUVliQSzyaRaiPD99L0YkQKRXPj3VcfxZCUg0CASlCitNRMQ:52MbmaiPDTXeRXj+xXqlCitNKQ
ImpHash	None

C:\Users\FD1HVy\Pictures\w2Ggflt1qbvxMq9I0.gif

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Pictures\w2Ggflt1qbvxMq9I0.gif.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	93.23 KB
MD5	5636f3bddb047d20452d3bb2a7b87443
SHA1	05c6af83bae3df88747e378d0a88d9ecc3b20108
SHA256	2d2ff2e8d62c14ab5f33939046d99c33f7b716a39ac84d9aebbb32a4e46b99a6
SSDeep	1536:ls3M6pqdOu5AwAyd8OYCNGwJ99NCN3vvq9j0RhhIEmy5Y0Wb1lRMJIpTB6MO+M4t:lV6pqou5AwBeGNZ99cHo0HhIMKxlRM0J
ImpHash	None

C:\Users\All Users\Microsoft\Storage Health\StorageEventsArchive.dat.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	c:\programdata\microsoft\storage health\storageeventsarchive.dat (Modified File)
Mime Type	application/octet-stream
File Size	6.38 KB
MD5	9ee1184fd3ebea11200c51cd3e112784
SHA1	fe91f374d56a145c7e1dbce98427595a25c05db0
SHA256	a17e5cc5f00ef7f07bf627baf524f91b45cd6b6581d3c88dfc1806ac6169cb1c
SSDeep	96:izkJ4TKcz7uf/TziAImUPnNohlC+4nYRS74Uz4sglbfzVU9oRFDC0ZZ98pQkRhFU:n6TKcz7ZAIPOhs+JZU09fGoRJC+tkM20
ImpHash	None

C:\Users\All Users\Microsoft\User Account Pictures\FD1HVy.dat.ragnarok_cry

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\All Users\Microsoft\User Account Pictures\FD1HVy.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.01 KB
MD5	3425204a8122c1780d342dd31c1d4c90
SHA1	5126b63bbad516bfdd0120053aad0562f7dccc91
SHA256	cf3cb6dada54aea080d6cdcdf9ab7a537909ca01e09e88d110ac387b78be6409
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Ko9rnBWoOSaJ4660WAgvrTzmYpeioc:i64YzyGwg8eghG0Kovs2N0crPm2Voc
ImpHash	None

C:\Users\All Users\Microsoft\User Account Pictures\guest.png.ragnarok_cry

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\All Users\Microsoft\User Account Pictures\guest.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	6.29 KB
MD5	bba79216556d064f81ee2aba01a42062
SHA1	295748c64c7fad94513de53eeea5ad921dae7591
SHA256	420f2c6789c53e0b592d6e9b853bac0c074b7f14b3f493c725619fc69262561e
SSDeep	192:n6TKXbfqlTasSkPXXcClaPs6O0Q0jYhyWESt0+q:Bz1nkfXccaU6Ox00/Xq
ImpHash	None

C:\Users\All Users\Microsoft\User Account Pictures\user.png.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	c:\programdata\microsoft\user account pictures\user.png (Modified File)
Mime Type	application/octet-stream
File Size	6.29 KB
MD5	ff59a8f8d2437529c9d398ea61850c70
SHA1	e86eec6a2af1f4d64b8c4c41f87d652e5950fa86
SHA256	80ce9262c4f06cd59120c59b6bc43564a467866a2b4aa4e2027352c7cd06774d
SSDeep	192:n6TK1dOyDA3RsYZJXkPaDCMr/hHMGg1jLJoZTDP3qoE+:3dOyc3DZNQB2/zg1jL6Z/PqoH
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\9tfWUgFYqYCKT4.jpg

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\9tfWUgFYqYCKT4.jpg.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	92.60 KB
MD5	a14b6dc046ec04fc216ea23dffbe4916
SHA1	35cd6add3e3d356a1a45c9e9725b4b71d6538510
SHA256	e4ef4408547fc3e442fe3e1f91f3759c41dcfbfdff7843c81e3027b47b6f75ab
SSDeep	1536:l9Krqf1nPzffsBZBe/VtMzF5vSWYDtRTmNBZqXOvBapTfKXQvwinaANEfBzadD:4qtnrfE3BI8gDWNOXO5oTKXQvwinxNEM
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\csk1ST.png.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\csk1ST.png (Modified File)
Mime Type	application/octet-stream
File Size	2.52 KB
MD5	efd7adfb8947570349f68e2577e7d2b1
SHA1	8de985903bd42563445bcc8c3b6437909ab2e8f3
SHA256	72518b35457f57538d1518a6da67536cc2be0abfa322d62352d88ff31ababc50
SSDeep	48:i64YzyGwg8eghG0KoKHl+RfgVixhVhTxP1kKfE+QgPjHVV+LXi7p9rqSrB9Sswdd:izkJ4TKRHlefgVmhdatmj3GmYS+sghf
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\eUme_LG_s4BCcalkb.mp3

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\eUme_LG_s4BCcalkb.mp3.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	45.84 KB
MD5	51e246478c7964cda68bd900556eee67
SHA1	6c1c24d891b4f407419fa8d84cd8160d3cc97900
SHA256	696aa215d22cf5f0a083f66ff8f54f941b0715d14cba36a20b571e9a534503b4
SSDeep	768:Qg7oAOCO7mflizh9KZIt2cBmEB2rEzEKBfeHoHLOdAb1jHeUeDLTymBX2M:Qg7Fqmfk96o2c4EBnzEKBEAb1jHwdBr
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\jd2tT95Z.bmp.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\jd2tT95Z.bmp (Modified File)
Mime Type	application/octet-stream
File Size	72.40 KB
MD5	410023d6577ba603a9de010b0f2eaeba
SHA1	265e9548fee4c6f913f657174af4a633c1dd3465
SHA256	e730096686ef6e66cd993de2c240cda87aae5ff551009e61e66c50efee402f2d
SSDeep	1536:5NEyskFooxCWQWS3N9Ntdc153jImyr3P+v/N8KQ2ixin03AYQhfFJQy:67TN81FjRWfw/iUNnEAlhfXX
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\j8YqChR.gif

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\j8YqChR.gif.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	40.91 KB
MD5	01524f1f7682f19be5e68949c9f20d0c
SHA1	2ebbdbfe749f08f63701d2d8a92934fd55793442
SHA256	25156f4bb09ef0c9a4132c3c27ac1434d51336059cf9a8c416c357545e03ccc5
SSDeep	768:aOJ4+WfTUoLXEIJVYiNtxRDCTgIak6RQabjHbr8BLI1D02efo/kBcafwBwGcr:B3WwoLUIJea+Fak6BkBL6efCkdYGP
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\QwjCLC.doc

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\QwjCLC.doc.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	94.70 KB
MD5	f459d878b22203571a4e4997687837dc
SHA1	2406a3cdbc1cd4ec67741553bfcd86337b9f214a
SHA256	fcdc5cf6ffa36e050241ba8f73f3096898641bb034d6bcff6c15f900e07e5ade
SSDeep	1536:KnYRaYQTPAxZZnAw7iUbD2oEC1QNeVfXSnf4Rgl7LZICCEJfZk7VUjGvFu/haPgI:kiQ74LAw7iirQgRgugRiCVf2GS9SaZjx
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\Rv7ugHMQX2-xvYX8.ppt

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Rv7ugHMQX2-xvYX8.ppt.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	18.77 KB
MD5	dc2a2ebf6fc6f4b3443dff2fdae370e3
SHA1	7a336f61b5bdedeb8217128f20bdad378ac2b9f3
SHA256	b1b8aae3761bd82c3302146f2f4952435bb9a4f74625670934bf2300fbc8e87b
SSDeep	384:OGpoaba5/lDAPyPRFz3SCXQmFF8iHkwgLLlLXrkXRjKf5dlxA4t:TTm5drDSWP8iH8xbXjA4t
ImpHash	None

C:\Users\FD1HVy\AppData\Roaming\xF31skQftSSgwuxP9.png.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Roaming\xF31skQftSSgwuxP9.png (Modified File)
Mime Type	application/octet-stream
File Size	59.76 KB
MD5	8602846cc09db4df300ce2bbeb9aa35f
SHA1	1c3779021ac2509a86cb2594d616621b922b620a
SHA256	ce75a822599cc65e09afd7a227581c70a6c149a80513b4b7e19df5126e0abb17
SSDeep	1536:T46Au0jGjkYhPyiPAI73rY9KvbVuk43+t7xyDlY7T:TZyjGTqiPt7boKQJ3NxST
ImpHash	None

C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\lXrHo_P8qOs0fe7RXsa0.mp3.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\lXrHo_P8qOs0fe7RXsa0.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	45.29 KB
MD5	002cac6b6313cb3f269ec39fb0f89043
SHA1	3a0afd529f6ba19a9893b8ddd1cbfdfe732be4a0
SHA256	2e8060be3593883223e43265abcf52dea120cb8f4e61533568ec6ed19a44d4b8
SSDeep	768:ONiLizH/kiKxGKEpp9BpgjzYO6odyOVxD2dAoq4qsdu4tPPtdE:ONi+zHspxGKEP9/gJ6odFPDiZSsdumXE
ImpHash	None

C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\lCxphD2HS6Gm4Zcoj7.png.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\lCxphD2HS6Gm4Zcoj7.png (Modified File)
Mime Type	application/octet-stream
File Size	37.23 KB
MD5	aba248a646af130c2ad1d3a5d2d1ddc3
SHA1	eb87113fb644aca208f064a436aa1383adce25d9
SHA256	5a25e2ee613726af7c8a8bea3be2cd44081eafec1fb424c282ed67aae121582d
SSDeep	768:sc91384cb2BoYnlk7lae4qD7LdurdZonPAcjAEDELPq9iCkvZ/3C:TM92Bon70+HL+dZ8PAc7DEDq9iCya
ImpHash	None

C:\Users\FD1HVy\Documents\GVdr6v_443\d AJprNora.pdf

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Documents\GVdr6v_443\d AJprNora.pdf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	30.90 KB
MD5	361ed4ab08e75841b9da7e197f819ceb
SHA1	b3bd6ed92f2c9e05bc23c742ffb1b2ce1e566251
SHA256	a6002d1394baf902071c400f40abc144b38d742c85632cf6d661e1068b001269
SSDeep	768:lCcInIDnXVetbrgY0vm0vsJcIzenMNrBe0DsqZd9uYLwu5EQ:H8ITVu0d6mMfe0DsGHR0Q
ImpHash	None

C:\Users\FD1HVy\Documents\o1Rxg9ErX6xmX\kbbSxx3RrM_CKt.xls

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Documents\o1Rxg9ErX6xmX\kbbSxx3RrM_CKt.xls.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	85.05 KB
MD5	24a523452f3c60725b1a7d7235771d4a
SHA1	acd7e7b0e05a9e5d2a58cad60675fc558fb24552
SHA256	bec8dda651223ff74dc0705e1d44757a0becf847c39671e0bda52e121e228681
SSDeep	1536:5me4nxELmqV/ObsQqECeAHr6h/Y0hv0/4645WUd209VeefgDnv4jDA:5meAxESqNObsQg9Gh/YmM/4645Wqkv4Y
ImpHash	None

C:\Users\FD1HVy\Documents\K7F1p\KOKhTZp2kXQq.pdf

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Documents\K7F1p\KOKhTZp2kXQq.pdf.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	24.55 KB
MD5	f13c63acd29dd2890cb6bd12915eb93b
SHA1	fc1b2b53fd89de0810c16135fbc6a96d09c1ffa6
SHA256	7f9655e1ce56b8a4a17e1cb16ce0137c2869b852ba0fbdfb41503d388e9f8f6d
SSDeep	384:1xIUQTW6huELqASL3WvsnohHlNFst5FbFNFV9bBCZumQXBQtsa:1xI1WhmR0UsoNK5tDLKuhWsa
ImpHash	None

C:\Users\FD1HVy\Music\HFbT7130 UW\baMT_Xfn ZTzg52QLPe.mp3

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Music\HFbT7130 UW\baMT_Xfn ZTzg52QLPe.mp3.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	3.21 KB
MD5	f8de990e25a9f89a64efa5527f07ae5c
SHA1	2fc285ed2dcc7b1c4e457fadbf825c851644c5e7
SHA256	5809b58e09b6f59bd287d8932c61c07b22f415072c9c1fd16b1d1af4c3b1e411
SSDeep	96:izkJ4TKL6fV2dMoaTb3pTVyDXZa6jtWk1KaW:n6TKLdMoUmDXZa6jIk1KB
ImpHash	None

C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\nid6mOdjGpO\AZw6vD_gawfcZQ.png.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\nid6mOdjGpO\AZw6vD_gawfcZQ.png (Modified File)
Mime Type	application/octet-stream
File Size	49.38 KB
MD5	92c344b8fae664652f9a2f9b46e0a3f5
SHA1	ac96d22b2e73cc9a6764bac73567904ead1a5f76
SHA256	acbb293b05a9bde81f067306ad80f44d3f8187e3c7a5c33e1b6efc499969eb5a
SSDeep	1536:TGNnlyWerSXHKy/I6kttHJLXsc1re0tqPBoDc:aX9XKy/oxJLXsc16KqZ3
ImpHash	None

C:\Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\en-us.16\stream.x64.en-us.man.dat.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	c:\programdata\microsoft\clicktorun\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\en-us.16\stream.x64.en-us.man.dat (Modified File)
Mime Type	application/octet-stream
File Size	862.96 KB
MD5	e510a8aac58d517f8d4a1cf2a5501f90
SHA1	9af0b0bc6166557d5e3899a6aff438a7a08e6de6
SHA256	1da650fbd9cb64e057c83ae3b73284c2a82471d42db7b45b3b4b423fffbf58da
SSDeep	24576:J4q9Fzw9IYB/mAjp7tIafvONax0Qam7lU2G:JT9FzGtmskarBlUx
ImpHash	None

C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.ragnarok_cry

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\en-us.16\stream.x64.en-us.man.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	862.96 KB
MD5	baef508c0770bc165dea162a37dec1ad
SHA1	78794a79646a1c1d04eba64011a15e73b35eca32
SHA256	7ef0f814a60b0b539bf04aaad55c3faa20fe55d04c4f4d614211fcefeaea952a
SSDeep	24576:gKmUuatuZ5w+dLUfvF3fazkbjJaF9WxgOupAtbb3j:dm1bZa+ivF3fazk5bluSBn
ImpHash	None

C:\Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.ragnarok_cry

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\All Users\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\x-none.16\stream.x64.x-none.man.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	3.52 MB
MD5	f591f2a341e93a382fb6f57dea27cde0
SHA1	5bf2a691bf59dfde8bcb38158e47a88742c389ec
SHA256	ace692fd2751b2385ede6cbbb0c34cc737baa5a2b3764a087b2ed0abf18b4883
SSDeep	98304:FAN5kZs7XWr+LRo3HG2R3zirZoJQufxpVv1mwiuMTngbmXw:Fyke7XDt2m2RDir++uJh3P7kw
ImpHash	None

C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.ragnarok_cry

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\All Users\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\x-none.16\stream.x64.x-none.man.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	3.52 MB
MD5	577edb963cd00b81e52d6fd3bc7f2761
SHA1	affadab9f52fea6eae35cff14f523dbb85d67b86
SHA256	88a1882f264133f85380cd09bb16897c585967dbbd9140c42853a58aebb50d53
SSDeep	49152:OZwXkaZWdo72ytCoG0/gG1r58rFkVJcp79PQkDqxtkaDQSZoJbfe5HlZXOp7SYmL:aCZWS1CoGqgmrC+LGYZ4fevZXOpDLCv
ImpHash	None

C:\Users\All Users\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\x-none.16\stream.x64.x-none.man.dat.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	c:\programdata\microsoft\clicktorun\201eb7df-c721-4b8b-9c81-a09de7f931e6\x-none.16\stream.x64.x-none.man.dat (Modified File)
Mime Type	application/octet-stream
File Size	3.52 MB
MD5	f19b38807adee24ab50c0860a0dcb6dc
SHA1	52b35795e6e65bb515a0d88654122493c71237de
SHA256	627a53fce19eb7de95e604238ab9892d3ab2961808efa70c95f7a519dd267a18
SSDeep	98304:LEOJ/EpXy9fBBfMWlIzbLE3FzRkV9heW6CJXg2rGN:Ll/EpXyh/kW23I39RkVt+
ImpHash	None

C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.ragnarok_cry

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	974.70 KB
MD5	503ca7766f6c02c058a45e48b24c651b
SHA1	abc388cb461d8b6d82813da13ece8ff626464d54
SHA256	87114f7a91f4c9c6a62735d6922c41c5768edb2e446411385e370566e201fe5d
SSDeep	24576:TN2UYBRnwaLL5WSruzCBlovPeyR/l/32JLMZSgyJAVBw:cBRnwavIAuzC8Xe+B+LeEr
ImpHash	None

C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	c:\programdata\package cache\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\packages\vcruntimeadditional_amd64\cab1.cab (Modified File)
Mime Type	application/octet-stream
File Size	5.53 MB
MD5	ff37ff342ccb39c92f25ab2c66ed057b
SHA1	50e955d5bf9966fa5514df7ea65ffe508ed8276e
SHA256	c282000c8f35f60e872ac521749dca2ee04524a0a6efded7255c284745d7205f
SSDeep	98304:agT+PSRq/A6TdOvqSPOd8bl0TThBNK0wOKovD0Dt+ZQk9OCOrSTVrtMf/Md:7a6RwpTduqSmd8bl0TXNbwYQIOFSRrtn
ImpHash	None

C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab.ragnarok_cry

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\cab1.cab.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	4.96 MB
MD5	f085b345d994abf4edfa556caa9e681a
SHA1	a35d64f8ee7d3eed387289a9d48f8b9cbc1a191e
SHA256	2132c370eefeacc11c12dcab42a1ecd3b19df1778ce78384d6901923e11ea884
SSDeep	98304:XMgSpBGplZmf64ZBNJiGyyTkj70Kr8o2XRfued7afGjWJyEUAGcVoXk:XnplYS4ZBNtRkj7VrgRuedmfQWJyZAxh
ImpHash	None

C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	c:\programdata\package cache\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\packages\vcruntimeminimum_x86\cab1.cab (Modified File)
Mime Type	application/octet-stream
File Size	803.45 KB
MD5	58104a732e0e676671b82dee8f2e91b6
SHA1	ef439081fa869430236a585c1e05f1d455deff7d
SHA256	d6665b07ded296a0fab4776c0bdc9b3a793bf46ff3b36cf1b86cdb89ec0c0cf2
SSDeep	12288:GsLXoPHjauQDVE3DESMJL1D8wMCiI2sZl1y5HgzlMY0TX2t4aGlkvexYgsewCUkL:GXPkZCDEdYZB4RYH9Y0T/aG7x7sewA9h
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Comms\Temp\CalendarCache.dat

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Comms\Temp\CalendarCache.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.04 KB
MD5	b7c46814b482e45b48c30c3325d118be
SHA1	6ce0e7701518d3dd26d4dc5afc62474b9d205bad
SHA256	af3b1586aaa91912d65d4e21aa5481ef3edf9b75c6c2975ebbac2aff672486ec
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoRKDwdMeNX5vmIbXe4CHLGKce:i64YzyGwg8eghG0KoDdF53ba6Kv
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.98 KB
MD5	d58e98fc263bed9fd952b48b9b033e67
SHA1	aca9959f24e0a0f18da625657cef96b32af78331
SHA256	c29a3a3531c8afc9c979c458b3a3b25509b4d45a64408e64efaa329a37977f4a
SSDeep	48:i64YzyGwg8eghG0KoKOTUTl5+5DZoPQ+13pI+2VCweH01lLVd0A9m:izkJ4TKJOTUx5+5eRCXVCwk01l/P9m
ImpHash	None

C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\nid6mOdjGpO\Qu9HQPl4f4Gu\u2kyGI.gif

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\Desktop\67Rs4NdS4WM\nid6mOdjGpO\Qu9HQPl4f4Gu\u2kyGI.gif.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	88.63 KB
MD5	6c18b3e007eba61f2681f50ae3c6efae
SHA1	146fa14ca52eb71e9d57ea807ebc352c4c52458c
SHA256	af3561ff449e291e1fb861317d4794850d82dd57a5722b55d0ac52f18c9956d1
SSDeep	1536:btEEXYJKAxvLv8fDRf+CA2dIJLj8MyJQhpnh56N9iXVsUbjcQ6C5NLbh3ow2:btReLEfDTANJLj8bJQhpKN9iXVcQ6GbE
ImpHash	None

C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.ragnarok_cry

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\en-us.16\stream.x86.en-us.man.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.03 MB
MD5	e61893acc0e4d21de11e4c3688ad0b10
SHA1	d9118f338c4905cabc03c9f09174e6c135a5365e
SHA256	8a4e1d863119ff6f89420226692e6738107ac2fe713b5bb3e3e6708328597a69
SSDeep	24576:KE0bIlCP4Xbaxq+UQKViZZSUX5ZTFnK64OlZniFWPwaauHAVp1:KE0bIl64Xba8OKsfR3brni4IhuHc
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH4LS1F.dat.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NBLGGH4LS1F.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	4a1cdfb5de4fe214d872b3877dae208f
SHA1	5ad9315ca21467a393ccd28634e159f2cf14e46b
SHA256	7cf83941818d95f38f82af8cb9837585b3ea8e4faa72658c3a7554be9bcb29b1
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KobOslMZLJ7DsAB6SHPLYUv69SNbyQQ2vTap:i64YzyGwg8eghG0KobOL1sq6SH9CUzFY
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRD1HKW.dat.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRD1HKW.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	e32145efc78492cafcd22c2cb1d3a132
SHA1	71c6f6f0b231324c35b256998286e06de0259994
SHA256	061442afe087281c79bfe96a0a5fc9b15a9720a760f9e3f4fe298e23fac9f58c
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoDXoB6GNjsoSfvSx8ntt0vgjwsj/VCcmf:i64YzyGwg8eghG0KoLss53tCIhj/Az
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRD29V9.dat.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRD29V9.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	abdbf385885a755ed239b09828ecb863
SHA1	b3642a86cc293efe8e078fab46b241135fcb9ff0
SHA256	d6301909a545a50d3683141babd2d16b87ad0992401345441a91f51b30cafef1
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KofyYhQa4kwbwxpI3YE4iY3D9sJF69BIGx49:i64YzyGwg8eghG0KoJhQ0xpNUY3D9sJN
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRDTBJJ.dat.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRDTBJJ.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	39c2ada77bdde8da26cac1c9c1280294
SHA1	3596e3103f72c732b26a81e76329fc044cc5165c
SHA256	1f8e0395fcaeca67f719aad1c5459fc26551f6d36fd1d792b9d1ba3887453b13
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KomCgbrt7KEd75x3cvam7sb1KaKk1uBx45zG:i64YzyGwg8eghG0KomTrt7FzOeJNKkYt
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHVH4.dat.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHVH4.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	0089bbdeb7f3ec70f8a26f2330ad1e95
SHA1	6cdd7aa29922ee40a0a8fcfa67352820c18e4052
SHA256	e7d62155518195596e2d361dc40fe7337d96a997e0444b98c3df88c4c08ef25c
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Ko1N3HWqNE45dISslBMqOLCKtshq+ZAyeYgV:i64YzyGwg8eghG0Kolm6bslB8Oqsk+Z4
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHWD2.dat

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFHWD2.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.48 KB
MD5	0f606e7d34f5df0831c38f7f2c4ea037
SHA1	f79ddab00b96d113fbe4314ce02e1184173b98d0
SHA256	6d8e81ce4d20329f7e052aff3a4f6b9be43a672abf4250f7cdf53ed1ab0327ec
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoPF4gtwqgYE5ovD2Ql5WJbUl2G6hsnMdOPa:i64YzyGwg8eghG0Kot9wqgYGo6QP0bUq
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ140.dat

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ140.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	428b403999de37c6b6ea94ee852c46ca
SHA1	d5932d28d0e08dedf319b90ba18d52cd9f2a0909
SHA256	a30be1ec1e0cb8441258b2e05e0a86b7bc43c35416b8bffd58800c3b4f49dc69
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0Ko082pd7bE2Iyghx2Um/yhlLFP6lTeOmnreP:i64YzyGwg8eghG0Ko08cbE2IJhEKhlpk
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3PR.dat.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJ3PR.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	c87fd2b0ea6175a1bb94d443075233cb
SHA1	3aa4542860a8ad7c21010057fe386101318cd3ab
SHA256	bd5d0f1802a099977eb513efd2f91a5db07a6f90890e32f1dbced70ccb3c9b94
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoNKAgjFXl1uAED3td/UXtUWj0tsCERxBcdw:i64YzyGwg8eghG0KoTgj9ADzw+NtsRn1
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJBMP.dat

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\InstallAgent\Checkpoints\9WZDNCRFJBMP.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	7e5544e20664f699d9cb3d10e49c7f81
SHA1	3271372634f0fd62173005f1260012480b154e5a
SHA256	7b7d4ba57470b197142acc216a26e151c573697234146a5fd55e698713cd81e3
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoFxQl13UMUovtzetjNf5n8jtotW/lpT3koE:i64YzyGwg8eghG0Ko2N9zU5n8JotW9pY
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{6E699364-D728-4772-BD21-24A21748BF64} (0) - 3932 - excel.exe - OTeleMediumCost.dat.ragnarok_cry

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{6E699364-D728-4772-BD21-24A21748BF64} (0) - 3932 - excel.exe - OTeleMediumCost.dat (Modified File)
Mime Type	application/octet-stream
File Size	1.63 KB
MD5	647304840638488f7dda1abacdab3859
SHA1	a772ada60a0125af8c420a3b06eee513a62a5469
SHA256	cd9719cce75295b342c2cc3dcf6713263b25a383c60328a1d31cbb7e1519a804
SSDeep	48:i64YzyGwg8eghG0KoP50CR+16SVDF9jQdxzUSf+x:izkJ4TKs5CvVDF9jC3+x
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.29 KB
MD5	9d624e1dad88dfd8bf609570ad836fa0
SHA1	24e881195ea0f9b3a314fbccf7c5686e6bb2f2c1
SHA256	814aaccb2d87e3a2222bc9e07dfa8c1a9dedc26fc26b8e43f6093ac8194dc713
SSDeep	24:m15/X64hPSIGyGwgu3cWeSNL1hG0KoK6wB8l2T8l9Mx7ZORYMYYSuUMQ0xLlbZYW:i64YzyGwg8eghG0KohUYnGZOBlSuA0TT
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (1) - 2228 - winproj.exe - OTele.dat

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (1) - 2228 - winproj.exe - OTele.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.51 KB
MD5	a028b62639c9d2a74c886d53a265b186
SHA1	d64822e44d7fefbb8a9ac8a101ab02bcf62ee192
SHA256	935c89f6f7133cedfbe06ff764cf648f2fef17a40f316efb59477e160fcd56cb
SSDeep	48:i64YzyGwg8eghG0KoW/aetqpm3gFvHVqY9u8XytOW:izkJ4TK/KpPFvRCMW
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (1) - 2228 - winproj.exe - OTeleMediumCost.dat

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\Office\OTele\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (1) - 2228 - winproj.exe - OTeleMediumCost.dat.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	1.84 KB
MD5	06b5f3dcb7409263897ebfeaaa3d2a62
SHA1	dc2c72725378b4e6c9b6689ecea4093436f3f71d
SHA256	bbb11cd0f71b67a280bf96f57d43c7724d2d77b441febc9206db5ff33e406b87
SSDeep	48:i64YzyGwg8eghG0KohisVoEqDQniVuIVXyfkP9cgCstwMWILoW:izkJ4TKng3QlP2gFN
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\AppBlue.png

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\AppBlue.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	6.38 KB
MD5	5274b9ca39005df8504607ebb4ac9813
SHA1	4495d555c2d95794884c33b142ecc91fdbb81c86
SHA256	ddf10e18fa9141283d4425a926f9ceddf83f75a735a79e38edbdad63ff21166d
SSDeep	192:n6TKfrpkUUgv0L9PDoRkHpo6F8el2aDbvD6Dadu:hW2v6RDskJB8eqsu
ImpHash	None

C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\QuotaCritical.png

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\FD1HVy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\QuotaCritical.png.ragnarok_cry (Dropped File)
Mime Type	application/octet-stream
File Size	9.62 KB
MD5	2cd670f9a99972e0a399ee566beae61f
SHA1	e951b1369aa5a3600c611bb3856c4b70fc242c99
SHA256	1a09038d86fce306ff151900b29369acfaa61278a96d4ec6403606f311806d96
SSDeep	192:n6TKg5/wpy0INXxdvaW527K1tzLWFxyC1mySRlZf3N7DnZR4ZIEuqFwGQSba91p3:GgU7xc6Rl1N7br4ZokO9Gsp
ImpHash	None

Remarks

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After