General Info

File name

2017-07-29-BTCware-from-cabeiriscout.faith.exe

Full analysis
https://app.any.run/tasks/534d54c9-bd6a-440c-8b1e-ed80980a4060
Verdict
Malicious activity
Analysis date
4/15/2019, 08:24:55
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

dc6f8298261ac0e16e6aa65f3e53b4d6

SHA1

b5f3a40ccd9a4cdd7c8fb6d5d9bf52f7235c57ef

SHA256

8c137b7ea011e0ecd9e7ad76536e6c50c29bea3a0f277a132bfe48af1b7b8958

SSDEEP

6144:VYBiiDJ/CUjdeo5j9UwGcGUEcHiPFlMno4hnnmWAM8tkegg/7whazcfmXi4wqYlu:VYBGFtlMnoW78tv77tz+Iwb0frw4y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Deletes shadow copies
  • cmd.exe (PID: 3956)
  • cmd.exe (PID: 2408)
  • cmd.exe (PID: 3144)
  • cmd.exe (PID: 3780)
  • cmd.exe (PID: 3996)
  • cmd.exe (PID: 3284)
Starts BCDEDIT.EXE to disable recovery
  • cmd.exe (PID: 2840)
  • cmd.exe (PID: 1976)
  • cmd.exe (PID: 2200)
Dropped file may contain instructions of ransomware
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 2468)
Changes the autorun value in the registry
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 2468)
Renames files like Ransomware
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 2468)
Starts MSHTA.EXE for opening HTA or HTMLS files
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 2468)
Creates files like Ransomware instruction
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 2468)
Starts CMD.EXE for commands execution
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 2468)
Writes to a desktop.ini file (may be used to cloak folders)
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 2468)
Creates files in the user directory
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 2468)
Application launched itself
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 2288)
Creates files in the program directory
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 2468)
Reads internet explorer settings
  • mshta.exe (PID: 2460)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2017:07:29 12:04:19+02:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
44544
InitializedDataSize:
392192
UninitializedDataSize:
null
EntryPoint:
0x16c6
OSVersion:
5
ImageVersion:
null
SubsystemVersion:
5
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
29-Jul-2017 10:04:19
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
29-Jul-2017 10:04:19
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x0000AD23 0x0000AE00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.69518
.rdata 0x0000C000 0x00001F92 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.49065
.data 0x0000E000 0x000028E4 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.64337
.rsrc 0x00011000 0x0005B1F6 0x0005B200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 6.70691
Resources
1

2

3

4

5

6

7

8

101

121

126

148

179

182

197

Imports
    KERNEL32.dll

    USER32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
72
Monitored processes
27
Malicious processes
8
Suspicious processes
0

Behavior graph

+
start 2017-07-29-btcware-from-cabeiriscout.faith.exe no specs 2017-07-29-btcware-from-cabeiriscout.faith.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs vssadmin.exe no specs cmd.exe no specs bcdedit.exe no specs bcdedit.exe no specs vssadmin.exe no specs cmd.exe no specs cmd.exe no specs vssadmin.exe no specs cmd.exe no specs bcdedit.exe no specs cmd.exe no specs bcdedit.exe no specs vssadmin.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs vssadmin.exe no specs cmd.exe no specs mshta.exe no specs bcdedit.exe no specs bcdedit.exe no specs vssadmin.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2288
CMD
"C:\Users\admin\AppData\Local\Temp\2017-07-29-BTCware-from-cabeiriscout.faith.exe"
Path
C:\Users\admin\AppData\Local\Temp\2017-07-29-BTCware-from-cabeiriscout.faith.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\2017-07-29-btcware-from-cabeiriscout.faith.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2468
CMD
"C:\Users\admin\AppData\Local\Temp\2017-07-29-BTCware-from-cabeiriscout.faith.exe"
Path
C:\Users\admin\AppData\Local\Temp\2017-07-29-BTCware-from-cabeiriscout.faith.exe
Indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\2017-07-29-btcware-from-cabeiriscout.faith.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ole32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\mshta.exe

PID
3996
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\vssadmin.exe

PID
2200
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1564
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
3328
CMD
vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\atl.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3284
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
788
CMD
bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
1708
CMD
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
3460
CMD
vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3780
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1976
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
184
CMD
vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3788
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2616
CMD
bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
3144
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\apphelp.dll

PID
3772
CMD
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
1808
CMD
vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
2408
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2840
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2580
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2388
CMD
vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3956
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2460
CMD
"C:\Windows\System32\mshta.exe" "C:\Users\admin\Desktop\!#_READ_ME_#!.hta"
Path
C:\Windows\System32\mshta.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft (R) HTML Application host
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\mshta.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\clbcatq.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mlang.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msiexec.exe
c:\windows\system32\jscript.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll

PID
2576
CMD
bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
1356
CMD
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
2876
CMD
vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

Registry activity

Total events
221
Read events
208
Write events
13
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
DECRYPTINFO
"C:\Users\admin\AppData\Roaming\Info.hta"
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2460
mshta.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2460
mshta.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2460
mshta.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
Enable
1
2460
mshta.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
Size
10
2460
mshta.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
InitHits
100
2460
mshta.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
Factor
20

Files activity

Executable files
0
Suspicious files
106
Text files
114
Unknown types
5

Dropped files

PID
Process
Filename
Type
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.[[email protected]].aleta
binary
MD5: 285f5267578a568857f241d719287485
SHA256: 71dd1b63286b1c37445c657802f9f10daacc3a247aa2568c0dde347b68ef5353
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLWVW.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\OUTLLIBR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\MySite.ico
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\MySite.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\MySharePoints.ico
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\MySharePoints.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\DocumentRepository.ico
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\AssetLibrary.ico
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\setup.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\setup.ini.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\Data1.cab
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\Data1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\ABCPY.INI
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\ABCPY.INI.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Videos\Skype.msi
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Skype.msi
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Skype.msi
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\qemu-ga\qga.state
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\qemu-ga\qga.state.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{7e9fae12-5bbf-47fb-b944-09c49e75c061}\state.rsm.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{7e9fae12-5bbf-47fb-b944-09c49e75c061}\state.rsm
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{568CD07E-0824-3EEB-AEC1-8FD51F3C85CF}v14.11.25325\packages\vcRuntimeAdditional_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{568CD07E-0824-3EEB-AEC1-8FD51F3C85CF}v14.11.25325\packages\vcRuntimeAdditional_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{39E15475-23F2-345D-8977-B5DC47A94E26}v14.15.26706\packages\vcRuntimeMinimum_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{39E15475-23F2-345D-8977-B5DC47A94E26}v14.15.26706\packages\vcRuntimeMinimum_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{2757496A-3E74-320A-B007-36120A9F126D}v14.15.26706\packages\vcRuntimeAdditional_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{2757496A-3E74-320A-B007-36120A9F126D}v14.15.26706\packages\vcRuntimeAdditional_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{029DA848-1A80-34D3-BFC1-A6447BFC8E7F}v14.11.25325\packages\vcRuntimeMinimum_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{029DA848-1A80-34D3-BFC1-A6447BFC8E7F}v14.11.25325\packages\vcRuntimeMinimum_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\564F02E6419B9858949B0CD5A65E2C8C0944DD88\packages\Patch\x86\Windows6.1-KB2999226-x86.msu
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\564F02E6419B9858949B0CD5A65E2C8C0944DD88\packages\Patch\x86\Windows6.1-KB2999226-x86.msu.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Oracle\Java\java.settings.cfg
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Oracle\Java\java.settings.cfg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Oracle\Java\java.settings.cfg.[[email protected]].aleta
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Oracle\Java\installcache\baseimagefam8
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Oracle\Java\installcache\baseimagefam8.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\nslist.hxl
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\nslist.hxl.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx_1033_MValidator.Lck
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx_1033_MValidator.Lck.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx_1033_MValidator.HxD.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx_1033_MValidator.HxD
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx_1033_MTOC_Hx.HxH.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx_1033_MTOC_Hx.HxH
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx_1033_MKWD_NamedURL.HxW
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx_1033_MKWD_K.HxW
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx_1033_MKWD_NamedURL.HxW.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx_1033_MKWD_K.HxW.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\Hx.hxn
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLSLICER.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\XLINTL32.DLL.trx_dll.[[email protected]tonmail.ch].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\WWINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\VISBRRES.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\STINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\SGRES.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUBWZINT.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\PUB6INTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
text
MD5: 90e84d03619312aa0a96ea1598197f3a
SHA256: 83e9b63393ad555b0ad19a25487e0810626cfc5549d5d6947dc865e182dad561
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Oracle\Java\java.settings.cfg.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\Data1.cab
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.[[email protected]].aleta
text
MD5: 90e84d03619312aa0a96ea1598197f3a
SHA256: 83e9b63393ad555b0ad19a25487e0810626cfc5549d5d6947dc865e182dad561
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Music\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Videos\Sample Videos\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Videos\Sample Videos\desktop.ini.[[email protected]].aleta
binary
MD5: e75120235c10869fd11ce8636584f834
SHA256: f9db6c13622fbe38890e8c3431d2e6bb957476ff3264686fc7afa0ec17ba397a
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Videos\Sample Videos\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Videos\desktop.ini.[[email protected]].aleta
binary
MD5: 656408df3da0557a5a7d79a316152d34
SHA256: 429d6cac6ab3d0bd2adfae33fd407142021375f6e81284330bbe3fa97ca2bc5c
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Recorded TV\Sample Media\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Videos\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Recorded TV\Sample Media\desktop.ini.[[email protected]].aleta
binary
MD5: 4f5005e7d5805c26011812df88dc3452
SHA256: 692546663f407cb627cc9d752acb05b1fa5a0fe9563a0dba27a66d7514cbd570
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Recorded TV\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Recorded TV\Sample Media\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Recorded TV\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.[[email protected]].aleta
binary
MD5: 78a744b9acbb9ff8a45176fba69bcfb7
SHA256: 8f83763706d9114ad11800408711e4b9a08d0d33ec65300fa44fb7a8c1546984
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Recorded TV\desktop.ini.[[email protected]].aleta
binary
MD5: 83ba51beb0d859390d4709a6d81ed1db
SHA256: 6af4f398a15112dccd8473082806b5b6a81768ccef5357e479f291d235be47ba
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.[[email protected]].aleta
binary
MD5: a85018b7244d49503770d3edfc4d1d42
SHA256: 6282acfe3de3e849596f4cb07fb2fee94f9b283b247bf7227dd9e740f8324f3b
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.[[email protected]].aleta
binary
MD5: a6b91706b1cf41602c50830fa381276f
SHA256: 3572ffcae6a30b83ef30145890d6e0ae60794448011895f32b39c8cc65bd7e22
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.[[email protected]].aleta
binary
MD5: f17ebd3182477c95240249e7f8ce5de0
SHA256: 2598f2ebb57f9b901ca1d57972602909984c2ca8638c131e4b668fc0f294268d
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.[[email protected]].aleta
binary
MD5: 84c396ed736e21cde66fd6c77906c5e5
SHA256: 0c0a7b9722954411de82b121e880372e899e14a71ea4bd6f189caad25985c140
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.[[email protected]].aleta
binary
MD5: 1e972292a77303b47888156c1f161089
SHA256: 7d44c61c8854478d08bd8b3e5d6776abfb6e40b2994500e5060796d21c30767e
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\desktop.ini.[[email protected]].aleta
binary
MD5: 1350f2fab0717e18d584ad503b3d96df
SHA256: bb4c09bce78f442e6d31b88b7a98220dd19c71aa8e279abff5571c2d8d757527
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.[[email protected]].aleta
binary
MD5: 0dedcbbe2d530735865804ca50d678b9
SHA256: 4abd180fc281421e5daa522c9134bcc1d531bf61941341ee63fdded4a12c794b
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.[[email protected]].aleta
binary
MD5: 59cdcf0944532dfa811477e9cc134621
SHA256: a40341b43cdcda84ddb5d96c9e3d491c982e852674754454f690f408682ec208
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\desktop.ini.[[email protected]].aleta
binary
MD5: 94b35fb1efdd1cfdc2f0e6a977ca2730
SHA256: d9de8c5ee11d83a628ba4518817589a1e12c5fb80a38fd9b31435dac1262dd30
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.[[email protected]].aleta
binary
MD5: 38ff2de334bd82921a1752c51ba97e11
SHA256: 04baa46198ca000eedb6592b409eebca5daee737b6aa0dd521d4ebad89739343
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Sample Music\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Sample Music\desktop.ini.[[email protected]].aleta
binary
MD5: 5fa6fcae14278ccc17c9b6ed40437ae3
SHA256: a146db98b4191a2fc8a40811146cc5da2a73d04d2e69a850af9e5012918d5ecb
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Sample Music\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Libraries\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\PPINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\desktop.ini.[[email protected]].aleta
binary
MD5: 078e3d523f0389c58e739aa1b4c7d366
SHA256: f8a9bcef4d7c82ec533dbd85fa8015b6bf9159332928bff389a27fad4293cde5
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Libraries\desktop.ini.[[email protected]].aleta
bc
MD5: 1228ae09e51989ac5df704f3dee3173f
SHA256: 3d4aa6ca72dc09af63bd1b36b14bc9beae4e583869e6b42fca26bd15999b0732
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Downloads\desktop.ini.[[email protected]].aleta
binary
MD5: 2ac79c30fa9be2765d7e9959658a2c7f
SHA256: 5a56d801ce4c1fa213d285fd87c7a399f3961562acc330e32cf0753a5635a9ce
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Downloads\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Downloads\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Libraries\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Videos\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Documents\desktop.ini.[[email protected]].aleta
binary
MD5: c3e8eb68abc7d0687c7e92ed3e6283ce
SHA256: 4354a35e7b3c7870d91969ebfcf22ce31fea46bcb9111be7532bcdea829c167e
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Documents\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Documents\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\desktop.ini.[[email protected]].aleta
binary
MD5: 6207203e11cf4c0faf01d95c7b333625
SHA256: a6bb8622bf6f47b47b632882c4157af947b2b19e688dd258485fb79fe9966312
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Skype\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\qemu-ga\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Oracle\Java\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Oracle\Java\installcache\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\updates\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\MOZILLA\UPDATES\308046B0AF4A39CB\UPDATES.XML
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\updates.xml
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Mozilla\updates\308046B0AF4A39CB\updates.xml.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\updates\last-update.log
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\update-config.json
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\MOZILLA\UPDATES\308046B0AF4A39CB\UPDATES\LAST-UPDATE.LOG
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Mozilla\updates\308046B0AF4A39CB\updates\last-update.log.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\MOZILLA\UPDATES\308046B0AF4A39CB\UPDATE-CONFIG.JSON
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Mozilla\updates\308046B0AF4A39CB\update-config.json.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\MICROSOFT\USER ACCOUNT PICTURES\ADMIN.DAT
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Microsoft\User Account Pictures\admin.dat
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Microsoft\User Account Pictures\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\All Users\Microsoft\User Account Pictures\admin.dat.[[email protected]].aleta
text
MD5: 90e84d03619312aa0a96ea1598197f3a
SHA256: 83e9b63393ad555b0ad19a25487e0810626cfc5549d5d6947dc865e182dad561
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.[[email protected]].aleta
binary
MD5: 4499ede8c90d34a5b7c942a2d3b5ba01
SHA256: b05fd4e771726dc7463bbd8c7588c65b7687f07b1847ee427748759175b4ff01
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Microsoft\RAC\PublishedData\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\MICROSOFT\RAC\PUBLISHEDDATA\RACWMIDATABASE.SDF
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Microsoft\MF\Pending.GRL
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Microsoft\MF\Active.GRL
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\MICROSOFT\MF\PENDING.GRL
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\MICROSOFT\MF\ACTIVE.GRL
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\Transforms\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Adobe\ARM\Reader_15.007.20033\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Videos\desktop.ini.[[email protected]].aleta
binary
MD5: ddb9da4fc017867c555a1eb3ef07f2fb
SHA256: 798ee8df8bf6dde0605a475177f5211af08e8895a58253a3355759404fa3a767
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Videos\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Videos\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.[[email protected]].aleta
binary
MD5: 21c2d944dc05cd316d9e013ca084f69d
SHA256: 57d9ab1c5bdc9e61885bb253d593e19fdbc7dab0208b49dcf6b2dffe684e42a3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.[[email protected]].aleta
binary
MD5: 473e3cb0e09673ac34d0af9fe17fd394
SHA256: b29651c072e47e9aa4fcc404a35e347b2687b8e15cef51c5e625d336f304b832
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Indexed Locations.search-ms
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Everywhere.search-ms.[[email protected]].aleta
xml
MD5: 0fa26b6c98419b5e7c00efffb5835612
SHA256: 4094d158e3b0581ba433a46d0dce62f99d8c0fd1b50bb4d0517ddc0a4a1fde24
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Indexed Locations.search-ms.[[email protected]].aleta
xml
MD5: b6acbeb59959aa5412a7565423ea7bab
SHA256: 99653a38c445ae1d4c373ee672339fd47fd098e0d0ada5f0be70e3b2bf711d38
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Everywhere.search-ms
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Saved Games\desktop.ini.[[email protected]].aleta
binary
MD5: e61e27cb9c46598e848380574f079798
SHA256: 5a44d8f887841e48fbfce58510053bf4690a6b2f38a4bd9b1a8f6c95b2e5da0a
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\desktop.ini.[[email protected]].aleta
binary
MD5: dd03153bde9aac2c806d9282d7201ea9
SHA256: 8c090fb98816b938ed9f200516adb864eb086a17c12e8730e37ebfa5256bd6fa
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Saved Games\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Saved Games\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\thereforespecial.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\thereforespecial.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\subjectconsider.png.[[email protected]].aleta
binary
MD5: 785b53afa0bef340ca5df725463785b3
SHA256: 25b4dab9467dbbac62d56087171457fa3b4f82098baaac57bdfe47f429bedb67
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\thereforespecial.png.[[email protected]].aleta
binary
MD5: c821bab1b3adc0389a87c0f635e19d8e
SHA256: 13784b3141f6ff8885c568fb39f61952c8d2491cd2e0aafbf087a9ad4d9ad2a6
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\thereforespecial.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\subjectconsider.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\mobileyork.jpg.[[email protected]].aleta
binary
MD5: e70e647db43d65cb2b30ec2e3603c4ba
SHA256: dc9608dd3191a1c21214b2b7b0d3e35a18224128e7cfd0299ccfbcff4a6b9c45
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\shippingmartin.jpg.[[email protected]].aleta
binary
MD5: 94946c7809b83fb05d6e7a8285ad65ea
SHA256: 548c994b8e31fa77627ef89d11305f95b43f26fb5f903ba4dd703a022427d9a1
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\energycopyright.jpg.[[email protected]].aleta
binary
MD5: 50ea550236de2ae53edba166d91d94ad
SHA256: 77c21c3234c39879b91d4725f1e514f9f5dbf80b19143847bf7d02078f580bb9
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\mobileyork.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\energycopyright.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\shippingmartin.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\desktop.ini.[[email protected]].aleta
binary
MD5: 72d914bd3aa8beeb7b44beb20095a397
SHA256: b8082fbb9168439b1cb04212cd3764b17408e06ad7dc2ce8d05697a8a22bf897
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\diseasedirector.png.[[email protected]].aleta
binary
MD5: e8a891eea17f7d3b7cbb32ae905ff7fe
SHA256: 7a2f4218daf204f9e8be0764e06b652f1378b5b6cf4c47587b2ea9fb6ff55bfc
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\diseasedirector.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\basketshop.png.[[email protected]].aleta
binary
MD5: 6ab7fbd6d3dc39bf6d6c895b8d957c74
SHA256: c71f524fc99f82512b2abd0c918b8925d3ba0b69173210de2bc10ae01d7d0689
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\ntuser.ini.[[email protected]].aleta
binary
MD5: a40deca78621ae4b3ee2404e0f376ddf
SHA256: 3761e77f5b01d60a6ca27cd65878a3014b56fc8253a87fbad3717d06d30e7026
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\basketshop.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Music\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Music\desktop.ini.[[email protected]].aleta
binary
MD5: ad9106a7bbf8fef011a985e95cde9c76
SHA256: b36054cf1b951a21254e06df43f27f208dcff07ad234d247b96dfcb5219e5a7c
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Music\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\RecentPlaces.lnk.[[email protected]].aleta
binary
MD5: 40f38483c7dd847291028549bad28487
SHA256: 2129fc8399bd79bac0b94655176eb867e252b637dac0a9451ef99f9b9252b5f2
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\RecentPlaces.lnk
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\RecentPlaces.lnk
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\Desktop.lnk.[[email protected]].aleta
binary
MD5: 3a8cb2f32048c658c2da21b7adfabe29
SHA256: 3c0d747ad9ce546717284ad80381333f941d759c37f1e996188511a4fc854c64
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\Downloads.lnk.[[email protected]].aleta
binary
MD5: eaaa47646be1c80475cb2a00a12e72a9
SHA256: f91804333b748db8e54e41808c82dc4e24209900cf534c674494cbb42898048d
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\Downloads.lnk
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\Desktop.lnk
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.[[email protected]].aleta
binary
MD5: a8285e588abafa5b31df1a33220ea7d7
SHA256: e5f50b91f51bce5bb75435b6d03d2fba7bfc95baf9bc43cab7fa690e8b2c4b11
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\desktop.ini.[[email protected]].aleta
binary
MD5: f3aabbf647b148a6407201093d386ea8
SHA256: b4457dea18805ed188bc71bd656b5940e06ef9af06f3f4faa41d0301afd5aba6
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.[[email protected]].aleta
binary
MD5: 2a7731d2bf46a16bebc467f2ec15ad6b
SHA256: c9c2f6b0ad8e05f92696d6466576892f4ad9680b85de4ec56723bafc62e98b74
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.[[email protected]].aleta
binary
MD5: 8006975ede9ef1b5755bd360b3c5a78e
SHA256: db6a9c109a7b28128f82bea3c78ff4c3c639fd5a1317cc97d7c240c70b130653
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.[[email protected]].aleta
binary
MD5: 8adae8d35c07d5f06cd6f37b3f74ba09
SHA256: 5f5901c646e1d398726f0e7162871658a2e5672bd33c944a2928690330c583e1
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.[[email protected]].aleta
binary
MD5: f8c6bac9781b54fc50065ed2b3082d5d
SHA256: e1b5d7f6b602ac0ac129f18dc52bdfdb1c4387c4ca75c4fd5696aa062897a356
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.[[email protected]].aleta
binary
MD5: 6c8af2d55cb6b096ab6f9227d01e3dc6
SHA256: 1ec2ed2290aa5cc0e1c102228d5dce0adc272b0dd31f77d52abaeaf070a3f812
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.[[email protected]].aleta
binary
MD5: 31d5e995f6bb90cca2b80a5efe767f74
SHA256: d7b3f2d404c8f9c19285df616b9eb2820dc563e021888a99c1f3e40539245cb3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.[[email protected]].aleta
binary
MD5: 23beb81d0a2a72ebd6dbb07f6810cb83
SHA256: bd17beff9b59e9d4f93822715d3afb3eeaabdcd21497043d658d262f06fa93d3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.[[email protected]].aleta
binary
MD5: 41cd9f10ee17f60309922398fd23101d
SHA256: 2627f3714ddd0f19ee2f8a608a488e63044ddf4aca318c971a36e439271fad1c
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.[[email protected]].aleta
binary
MD5: 384831a14813ef62fc202d294c95f41e
SHA256: ec5f8751227f62690b6ad8a751f27f39fb34e71fe20dc96c6794e7cac3b88b47
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.[[email protected]].aleta
binary
MD5: c98886d55c7b17d4204403f6405d7230
SHA256: cf33d68a745c6ee2c06210187d1737e95b00244d53bbdedb631e4c49acb2de33
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.[[email protected]].aleta
binary
MD5: 20e365ce6a5747ccefb70c83625e2fa4
SHA256: 2ab1e2aa9ddb679c7fb0e6fcb89e58bc140dbc2daa8a4767567f6882a81e51fb
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.[[email protected]].aleta
binary
MD5: e7a11f19863434f2caed0f7b9edf5c1d
SHA256: b89cce7b57c1c6afe2cc04e2660b154792f3d9aaf0a065ca812861da228fcdee
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.[[email protected]].aleta
binary
MD5: 5afc0b9f47c299c6272fec9f9e0aec6f
SHA256: 5cd9863561d954d423b0463d1be407d16f3fc82924fca4727bf0191684233dea
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.[[email protected]].aleta
binary
MD5: 06bfdee6a557652aa72f3c80bb8ed939
SHA256: f4ca8eacf7fbd2fdff61e53131845fbee07c5b6c57cf88c82039b0f96a950f67
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.[[email protected]].aleta
binary
MD5: b02b0f9844b56df27536958f4ddefc92
SHA256: d2057c07ebb29abd649670d15d2dcfbb5d81a4cee0422b4b07d085759116d376
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.[[email protected]].aleta
binary
MD5: 9810fa05949cd1f1d234f048a9bbb473
SHA256: 6795d1c13145a37f347e651a1c523e79c94c9b0cb593ea7a44d1b11d8eadb440
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\desktop.ini.[[email protected]].aleta
bc
MD5: 75f48b59bd34d930fbb25333fef1022e
SHA256: 5de6bd1ea4ded3b53c27b80b517c7b8c6f0408c89518de6ea90bd8c408d1a495
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.[[email protected]].aleta
binary
MD5: df1473ce266e5e755973e6843be16fb5
SHA256: ffdcf990752bcdb09bd30fca11688b5d51307a2a04b9d82e79fe27933d2bfbb0
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\desktop.ini.[[email protected]].aleta
binary
MD5: fcfc829049fd037953c6a8751c55529c
SHA256: 5f8b26bd1c79b82aef7317d2fa7d92b2a0c54abe924ddbda3091e55728164e5e
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.[[email protected]].aleta
binary
MD5: 48fdbc2294aa2467c4e34ad2b7c30f69
SHA256: b4a6c13de18d46ce47ce3523d393d44ea9e69b888ac7080eb15ca7019faa1a0a
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\desktop.ini.[[email protected]].aleta
binary
MD5: 469e9cf81703dc5c4bb2b32eff1f4bab
SHA256: da34b893d665516733fcafca7dd84dfa56d81941bd4871d44ee8aecb63e11c39
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\primaryva.png.[[email protected]].aleta
binary
MD5: d15bd86b2e4f4ad770cee827e4e344cc
SHA256: 173488eeefe9bc80d1c31ff768cfb304a547aacb47a61c9251d1d95b42fac8d5
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\rentrule.png.[[email protected]].aleta
binary
MD5: db1848e50ed8169a9ff745e8c96214c8
SHA256: 9fc788d2b79f92428fe16268a4881f891087abdf00825309e6d13587bfac8045
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\rentrule.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\primaryva.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\desktop.ini.[[email protected]].aleta
binary
MD5: 171d582b9ab1894e20c6eeb1907fd3c9
SHA256: 610e6548926e7f80bc3a33e1c537a2456a0589029c5046efdf237ce57c34f5c0
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\organizationeducational.png.[[email protected]].aleta
binary
MD5: 7fc76351d99f8cd9354c5275b3623475
SHA256: 25245749e5de8eba20e68655bd1ce80c986c6bb87ccb0dd928045fc2bb0cec7b
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\browntown.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\organizationeducational.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\alreadytour.jpg.[[email protected]].aleta
binary
MD5: 40c2006987e23aa71fe3b75a897c36f7
SHA256: 9a80a54610b273b330ad36e219881dd37af04378d813a9df8f234c120b00a34e
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\browntown.png.[[email protected]].aleta
binary
MD5: 9bf1eef3dc07526aa3cecf55d5eac22b
SHA256: 47eac4b356e9660eb5f7e67df5ffb52b497595098366c7092951cd21a1d8a583
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\alreadytour.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.[[email protected]].aleta
pgc
MD5: 9feec5f959184790b3525484e03a8fa0
SHA256: 79e270c42598aef51f72b28bea0d722a4f6bf6cb5fc834e57b0f7957704c5596
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.[[email protected]].aleta
binary
MD5: c172e0fd842e0632bb90cc09669a37f5
SHA256: a85d42af78ee37850429e93fe217929230e42b822230ac55f936396499810a43
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.[[email protected]].aleta
binary
MD5: 2a92448d8bafdc23bed0e52e543fa55f
SHA256: 3a9aded5dbe3d890258c1f540ac35b111ad1e0c36e584b2f28e98a962dd6f406
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.[[email protected]].aleta
binary
MD5: dc5529820f0a62a2c641deafb4eca510
SHA256: f6cb84dcbaa1b71e95cbb215ada4bdaebaac932f81137d4bbaf12eea66ae316d
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\[email protected][[email protected]].aleta
binary
MD5: 235441ad945aa53ddca317dd356a8a5f
SHA256: e651e333a53160d0e19ebc174e09c97ee8d3f2af98c5a080d2dcc3be94219965
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.[[email protected]].aleta
binary
MD5: 8a42e360f569b5c0aca70f4da68c8bfc
SHA256: 2b9bc72f9084c475ff9f00310f77c03e5d91a2f8eebadfdeeedaf16898eb6008
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.[[email protected]].aleta
fli
MD5: 1dc2ddefe0470b89c5a5fb13495a80e9
SHA256: 6b844bfbcd3576efaa1ddfcdefc4871db5609c654e86fd495f8871833b36c7ca
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.[[email protected]].aleta
binary
MD5: 8f108e59d59a82c9113700e05705fe35
SHA256: 4082d7d389a1d24416060278ecea200276b3d9c4339989ed6afa35e025fbec67
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\octoberdifference.rtf
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\octoberdifference.rtf.[[email protected]].aleta
binary
MD5: d876cadcbe669c1abecda044435f54cd
SHA256: 06a945fd06d672c47d4be2bc0ff0856a1a7e8dd6efd01107e913cee078f61f2c
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\jultickets.rtf.[[email protected]].aleta
binary
MD5: 8627d0ab698f609531444af05c3aec1d
SHA256: a2a2b280a6e5da8d5a8c33f6cb3cebafebd4368da9e1e5be751678be2f81f032
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\experienceunique.rtf.[[email protected]].aleta
binary
MD5: 6d79c1c19e2b44b45a5284bdd62cad19
SHA256: 3e34d807f134b842cf8b28536948d9c44e7ac6673631925ca68b02c53a147a39
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\experienceunique.rtf
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\jultickets.rtf
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\winsize.rtf.[[email protected]].aleta
binary
MD5: 2e722a4355b5a0603d5d1cb737831d28
SHA256: b880dd3186cd4cdd51ebcaf59b113fb1b8c639697a7311a61a0ab7294384ed78
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\usbamong.jpg.[[email protected]].aleta
binary
MD5: 3c04712132cf4f7f2124b6d927c1960a
SHA256: 7a75d45d19c2128b808fcba12c3d0262939768e1d9b3ed8f6061dbc26fc23a61
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\desktop.ini.[[email protected]].aleta
binary
MD5: 8bacf96302faf0f74d0155cf8ff2aa19
SHA256: a97b2e6e1530e8d0c2e539963a21f8f28bb286c5ebf9012f65580e479c07974b
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\winsize.rtf
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\usbamong.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\oneview.png.[[email protected]].aleta
binary
MD5: a6fda6198342cb1f6534103ea5b5fb06
SHA256: 36fd1c6826f48ec7ad45631573fc5de351db592f943f0165cdc5c457f4e2cada
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\membershiphost.jpg.[[email protected]].aleta
binary
MD5: d25e45a2a9151a1ae628a74a754e0710
SHA256: cbfd7bbffa3c642812d3717e01445c4f14d253c7c510bc2c4b59e786a7eba20b
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\oneview.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\membershiphost.jpg
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\itcatalog.png.[[email protected]].aleta
binary
MD5: 7629c535235884051aa200df33acd675
SHA256: 7d7e62b6c68a30c05cb7ae009866c3984022bd31145dc0f480572c088a7ec6dc
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\iianswer.rtf
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\itcatalog.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\iianswer.rtf.[[email protected]].aleta
binary
MD5: 1a1f6fde360c0f8cdc2af3fbc5db829f
SHA256: 02305e4144b9fb5e6ef82c6bd95af213cd5fcb2a92337efd74df0f43c0611586
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\hback.rtf.[[email protected]].aleta
binary
MD5: 46b8df89ea756b3c8a4e7807420767d4
SHA256: 750805cfa72622d0bdd38ed97735ef97e52579a8685df796fb7ef98842e8f7e0
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\hback.rtf
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\developjune.png.[[email protected]].aleta
binary
MD5: 49f7b435e659d7638e9a2b57d7ff76f8
SHA256: 95160afc62a1701a1b0a2914b595cc8a3c06c816852789da93a5e5fafced59bc
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\desktop.ini.[[email protected]].aleta
binary
MD5: 6157713958119ae63fa9572e548ce49b
SHA256: d6f2eb235d346c491d665209aeb5033ac0a356a6f16290c9e50c4f033059ebe3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\developjune.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\communicationfrom.png.[[email protected]].aleta
binary
MD5: 4cbe3813a3b768bfa5331857c8ef03f6
SHA256: c272f9e24fe0a4e64df28dc1a089738361630eaf88cadd9ad96891e7b236e9be
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Contacts\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Contacts\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\desktop.ini
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\communicationfrom.png
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Contacts\desktop.ini.[[email protected]].aleta
binary
MD5: cca276dc239fa52d7155597772e038a7
SHA256: 27d2983e6bf10ddb2d033b6f66e747b12f47da250d09f6ac892d3bc028906266
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Contacts\admin.contact.[[email protected]].aleta
binary
MD5: 66b352e7feb4e13c95c1ee5fb46d30b7
SHA256: 48c3495c8bce91616b52e6fcfa0577a15846df11b4cdb33972414fdd2fcc2735
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\.oracle_jre_usage\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.[[email protected]].aleta
binary
MD5: 09a4090b6c7abfc072563e7b65ffbe93
SHA256: ed470d2daba6b94bddf15d2ccdd13748376a69532feacee9df325a9ec6f311a7
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\zghxvyfp.sto.[[email protected]].aleta
binary
MD5: 298e3271e2fd4314c146a62791674f99
SHA256: c8858a1f0d3f7d176459c2ef64200cdcac90752d174f6c8d14265b9352788306
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\zghxvyfp.sto
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\vlsr45jw.r1a
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\vlsr45jw.r1a.[[email protected]].aleta
binary
MD5: b3bd3f70721a19138694ff55f5a07ee7
SHA256: b65c664ca3f23f836deca50e6d761a4ad47e33d83d0b5d832758c3c0d2ccef91
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\u4rookme.4ao
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\u4rookme.4ao.[[email protected]].aleta
binary
MD5: 0a19511813d75242cb78b3b46e80f345
SHA256: 36494378312116c4fe2c747cb527c0912f70e566f120fe6bcfe6668cda211253
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\tvhzpiw2.w4j.[[email protected]].aleta
binary
MD5: 2a284a732613bfbc045aa5ac16ddf885
SHA256: fe11580965aab872a5113a226574c187398fe9c86ddbccb6c5dd011c9f10652b
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\tvhzpiw2.w4j
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\tefpes0u.0rx.[[email protected]].aleta
binary
MD5: 09e63a23929a8696ef113a99e08fb596
SHA256: 699cdc9c4feeefdd583d0e551e303c6e5be9fc0204169cb5e50b8a91fcbe46a0
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\tefpes0u.0rx
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\!#_READ_ME_#!.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\rku3u2zg.43t
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\rku3u2zg.43t.[[email protected]].aleta
binary
MD5: 74347f68564c5a51b65a047839f8e066
SHA256: cc6c42afde87e82837646e29fc3cda48ad3dabf639792ea7844ba157c9cccb1b
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\q3rtvnww.wkt
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\q3rtvnww.wkt.[[email protected]].aleta
bs
MD5: b93fd8f235e4edc9556b830660c5a38d
SHA256: 46b3f12bc2b409ebd96a1ebe26a60dd4437fa278b4d2a298dff06634946be535
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\lxveofpt.ked
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\lxveofpt.ked.[[email protected]].aleta
binary
MD5: 9719472f52f6b53c2b1c2bf820d54aee
SHA256: 82a38c0e152aac0b908d4ac65853e97b9de89ecb9fc6712430fd4240f6a9141e
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\luj4qib2.sns.[[email protected]].aleta
binary
MD5: 06dff86f3be8fb9fce363bffb473d537
SHA256: 4e9a7e080e2bc52dd9e3cd1d40629061eaf509692f2902151a2d396a9436025a
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\luj4qib2.sns
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\kepii5ba.ien
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\kepii5ba.ien.[[email protected]].aleta
binary
MD5: 5403c97c0db4d2a66492a082b285a102
SHA256: 9fb3d86742918e9f95daa61e4ade5e74a2e861a0be69ebb6fd6542e28176e728
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\ij1ljszf.wnp.[[email protected]].aleta
binary
MD5: 2430fefd9dd40ae88a9063830ac6cbed
SHA256: e25e9343e507c80f8ddee2a22f5b179b838ea6edbae86fee14d099833d8f4eb5
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\ij1ljszf.wnp
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\hro0jpiz.o2j.[[email protected]].aleta
binary
MD5: 30c6bfbe91a9581aceb59b56fd1fd535
SHA256: 4d13ecf2de68d55a72f4300d6d02babaa89ec8889e22299feb7605ad5c3e95dc
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\hro0jpiz.o2j
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\ft320tek.2jb.[[email protected]].aleta
binary
MD5: e4084404221ca233a111ec081d3c5989
SHA256: 8f0fb48a8c3c0d829473543a9a0f846e86bd6f8f0dcbd1a80e5c58c55e5ea8be
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\ft320tek.2jb
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\dursbqyv.p4v.[[email protected]].aleta
binary
MD5: c73137336e8715fc923cd7f35a4033b5
SHA256: b16b44b6e9a4290b03ff685dbeaea2af99f25de1061fbd84891cbddb73b6eada
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\dursbqyv.p4v
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\cntmx25j.md0.[[email protected]].aleta
binary
MD5: 69e99fb1bf655946a21c9244b642207b
SHA256: baac8dced4a851bb170094128f0fc1e58e348c1094c6a924d7032c8c18c2f65f
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\cntmx25j.md0
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\4vrhs5at.m35.[[email protected]].aleta
binary
MD5: c63775abec834eb256fa791ba77ee93c
SHA256: 02b32aaed0194cbd5ca4228faab8010a5c31f6fe6e8ad1056559860a8d03d9fe
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\4vrhs5at.m35
––
MD5:  ––
SHA256:  ––
2468
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Info.hta
html
MD5: 2851b73e4075bfba043b86b8ec73d32b
SHA256: 1c80932ff2b6b546645a9be9a1d902ee4aef76ba038a61601ee0b450c6b2db57

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.