Source: |
Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\HOW TO BACK FILES.txtt source: _145.exe (memory dumps) |
Source: |
Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: _145.exe, 00000000.00000003.3043931816.0000000004E6D000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.3063871047.0000000004E6E000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.3042976121.0000000004E5F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: WINLOA~1.PDBwinload_prod.pdb source: _145.exe, 00000000.00000003.2768934459.0000000004F2D000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.2768594020.00000000046B9000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.3033685962.0000000004F2D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \\.\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb.\u source: _145.exe, 00000000.00000003.3043931816.0000000004E6D000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.3063871047.0000000004E6E000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.3042976121.0000000004E5F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \\.\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.erroro source: _145.exe, 00000000.00000003.3043931816.0000000004E6D000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.3063871047.0000000004E6E000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.3042976121.0000000004E5F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*y\n source: _145.exe, 00000000.00000003.3043931816.0000000004E6D000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.3063871047.0000000004E6E000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.3042976121.0000000004E5F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: WINLOA~1.PDBwinload_prod.pdbansferApiGroup003495205506.txtf-4 source: _145.exe, 00000000.00000003.2419605565.0000000004710000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\HOW TO BACK FILES.txtxtxC;Gl source: _145.exe, 00000000.00000003.2810948305.0000000000C7F000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.2808026680.0000000000C7F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\* source: _145.exe, 00000000.00000003.3033904369.0000000000C42000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: *ntkrnlmp.pdb.x source: _145.exe, 00000000.00000003.2768934459.0000000004F2D000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.3033685962.0000000004F2D000.00000004.00000020.00020000.00000000.sdmp |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.215.85.142 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/ |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.php |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.php? |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpC: |
Source: _145.exe |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpContent-Type: |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpE |
Source: _145.exe, 00000000.00000003.2111946101.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.2124056896.00000000046D9000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.2109635027.00000000046D9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpM |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpP |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.php_ |
Source: _145.exe, 00000000.00000003.2173823123.0000000000C7F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpata |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpf |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpj |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpnQ |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpr |
Source: _145.exe, 00000000.00000003.2142199872.0000000000C71000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.2135798477.0000000000C71000.00000004.00000020.00020000.00000000.sdmp, _145.exe, 00000000.00000003.2138463076.0000000000C71000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://91.215.85.142/QWEwqdsvsf/ap.phpx |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/RS |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://91.215.85.142/ows |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://api.ipify.org |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://api.ipify.org/ |
Source: _145.exe (memory dumps) |
String found in binary or memory: http://api.ipify.org/N |
Source: _145.exe |
String found in binary or memory: http://api.ipify.orgx32x64%s |
Source: D4AAED77-3A86-4390-8A8C-B5376696441B.0.dr |
String found in binary or memory: https://api.pJ; |
Source: D4AAED77-3A86-4390-8A8C-B5376696441B.0.dr |
String found in binary or memory: https://d.docs.live.net |
Source: D4AAED77-3A86-4390-8A8C-B5376696441B.0.dr |
String found in binary or memory: https://login.windows-ppe.net |
Source: D4AAED77-3A86-4390-8A8C-B5376696441B.0.dr |
String found in binary or memory: https://login.windows.net/common/oauth2/authorize |
Source: D4AAED77-3A86-4390-8A8C-B5376696441B.0.dr |
String found in binary or memory: https://petrol.offi; |
Source: _145.exe, HOW TO BACK FILES.txt571.0.dr, HOW TO BACK FILES.txt661.0.dr, HOW TO BACK FILES.txt5.0.dr, HOW TO BACK FILES.txt974.0.dr, HOW TO BACK FILES.txt881.0.dr, HOW TO BACK FILES.txt13.0.dr, HOW TO BACK FILES.txt948.0.dr, HOW TO BACK FILES.txt624.0.dr, HOW TO BACK FILES.txt317.0.dr, HOW TO BACK FILES.txt323.0.dr, HOW TO BACK FILES.txt50.0.dr, HOW TO BACK FILES.txt366.0.dr, HOW TO BACK FILES.txt828.0.dr, HOW TO BACK FILES.txt169.0.dr, HOW TO BACK FILES.txt413.0.dr, HOW TO BACK FILES.txt882.0.dr, HOW TO BACK FILES.txt370.0.dr, HOW TO BACK FILES.txt307.0.dr, HOW TO BACK FILES.txt369.0.dr, HOW TO BACK FILES.txt773.0.dr |
String found in binary or memory: https://www.torproject.org/download/ |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D4AAED77-3A86-4390-8A8C-B5376696441B entropy: 7.9978765475 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\AA3DCC85-1029-4D9F-A8D2-CD0AE28D4CCD entropy: 7.99755440479 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml entropy: 7.99947840966 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230172v1.xml entropy: 7.99424683429 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230170v1.xml entropy: 7.99367375082 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml entropy: 7.99930551022 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpanev2.js.gz entropy: 7.99877023877 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpane.js.gz entropy: 7.99851764672 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\Ocomprivate.zip entropy: 7.99791482265 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\Microsoft.Lync.Utilities.zip entropy: 7.99751375815 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\Microsoft.Lync.Utilities.Controls.zip entropy: 7.99217986455 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\Microsoft.Lync.Model.zip entropy: 7.99815024276 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\taskpane.js.map.gz entropy: 7.99956046235 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\taskpane.js.gz entropy: 7.9996621784 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\vendor.js.map.gz entropy: 7.99802988342 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\vendor.js.gz entropy: 7.9957015754 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\vendor.js.map.gz entropy: 7.99979205069 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\fabric.js.map.gz entropy: 7.9997236662 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpanev2.js.map.gz entropy: 7.99950798732 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpane.js.map.gz entropy: 7.99943860489 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\vendor.js.gz entropy: 7.99937837542 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\fabric.js.gz entropy: 7.99910644885 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\EFI\Microsoft\Recovery\BCD entropy: 7.99071401222 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat entropy: 7.9967880877 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst entropy: 7.99901582661 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\Recovery\WindowsRE\Winre.wim entropy: 7.99978803217 |
Source: C:\Users\user\Desktop\_145.exe |
File created: C:\EFI\Microsoft\Recovery\BCD.LOG entropy: 7.99531741182 |
Source: C:\Users\user\Desktop\_145.exe |
File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\HOW TO BACK FILES.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: 4993809ec85ab5141aa0db3f5) you will see payment information and we can make free test decryption here6)after payment, you will receive a tool for decrypting files, and we will delete the data that was taken from youour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to conta |
Source: C:\Users\user\Desktop\_145.exe |
File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetHistory\HOW TO BACK FILES.txt -> [same ransom note text as the first HOW TO BACK FILES.txt entry above]
Source: C:\Users\user\Desktop\_145.exe |
File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetCookies\HOW TO BACK FILES.txt -> [same ransom note text as the first HOW TO BACK FILES.txt entry above]
Source: C:\Users\user\Desktop\_145.exe |
File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetCache\HOW TO BACK FILES.txt -> [same ransom note text as the first HOW TO BACK FILES.txt entry above]
Source: C:\Users\user\Desktop\_145.exe |
File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\HOW TO BACK FILES.txt -> [same ransom note text as the first HOW TO BACK FILES.txt entry above]
Source: C:\Users\user\Desktop\_145.exe |
File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\HOW TO BACK FILES.txt -> [same ransom note text as the first HOW TO BACK FILES.txt entry above]
Source: C:\Users\user\Desktop\_145.exe |
File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\HOW TO BACK FILES.txt -> [same ransom note text as the first HOW TO BACK FILES.txt entry above]
Source: C:\Users\user\Desktop\_145.exe |
File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\HOW TO BACK FILES.txt -> [same ransom note text as the first HOW TO BACK FILES.txt entry above]
Source: C:\Users\user\Desktop\_145.exe |
File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\HOW TO BACK FILES.txt -> [same ransom note text as the first HOW TO BACK FILES.txt entry above]
Source: C:\Users\user\Desktop\_145.exe |
File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\HOW TO BACK FILES.txt -> [same ransom note text as the first HOW TO BACK FILES.txt entry above]