General Info

File name

2017-07-29-BTCware-from-cabeiriscout.faith.exe

Full analysis
https://app.any.run/tasks/5ed6aa2b-0e3c-4132-a60f-0116f20fc3b9
Verdict
Malicious activity
Analysis date
4/15/2019, 09:24:04
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

dc6f8298261ac0e16e6aa65f3e53b4d6

SHA1

b5f3a40ccd9a4cdd7c8fb6d5d9bf52f7235c57ef

SHA256

8c137b7ea011e0ecd9e7ad76536e6c50c29bea3a0f277a132bfe48af1b7b8958

SSDEEP

6144:VYBiiDJ/CUjdeo5j9UwGcGUEcHiPFlMno4hnnmWAM8tkegg/7whazcfmXi4wqYlu:VYBGFtlMnoW78tv77tz+Iwb0frw4y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Deletes shadow copies
  • cmd.exe (PID: 3812)
  • cmd.exe (PID: 2456)
  • cmd.exe (PID: 764)
  • cmd.exe (PID: 3780)
  • cmd.exe (PID: 2380)
  • cmd.exe (PID: 1920)
Starts BCDEDIT.EXE to disable recovery
  • cmd.exe (PID: 3684)
  • cmd.exe (PID: 1856)
  • cmd.exe (PID: 636)
Dropped file may contain instructions of ransomware
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 3168)
Changes the autorun value in the registry
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 3168)
Renames files like Ransomware
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 3168)
Starts MSHTA.EXE for opening HTA or HTMLS files
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 3168)
Creates files like Ransomware instruction
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 3168)
Application launched itself
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 3580)
Starts CMD.EXE for commands execution
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 3168)
Creates files in the user directory
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 3168)
Writes to a desktop.ini file (may be used to cloak folders)
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 3168)
Creates files in the program directory
  • 2017-07-29-BTCware-from-cabeiriscout.faith.exe (PID: 3168)
Reads internet explorer settings
  • mshta.exe (PID: 2484)

Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (67.4%)
.dll | Win32 Dynamic Link Library (generic) (14.2%)
.exe | Win32 Executable (generic) (9.7%)
.exe | Generic Win/DOS Executable (4.3%)
.exe | DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2017:07:29 12:04:19+02:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
44544
InitializedDataSize:
392192
UninitializedDataSize:
null
EntryPoint:
0x16c6
OSVersion:
5
ImageVersion:
null
SubsystemVersion:
5
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
29-Jul-2017 10:04:19
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
29-Jul-2017 10:04:19
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x0000AD23 | 0x0000AE00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.69518
.rdata | 0x0000C000 | 0x00001F92 | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.49065
.data | 0x0000E000 | 0x000028E4 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.64337
.rsrc | 0x00011000 | 0x0005B1F6 | 0x0005B200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.70691
Resources
1

2

3

4

5

6

7

8

101

121

126

148

179

182

197

Imports
    KERNEL32.dll

    USER32.dll

Exports

    No exports.

Processes

Total processes
71
Monitored processes
27
Malicious processes
8
Suspicious processes
0

Behavior graph

Nodes in graph order: start; 2017-07-29-btcware-from-cabeiriscout.faith.exe (no specs); 2017-07-29-btcware-from-cabeiriscout.faith.exe; cmd.exe (no specs); cmd.exe (no specs); cmd.exe (no specs); vssadmin.exe (no specs); cmd.exe (no specs); bcdedit.exe (no specs); bcdedit.exe (no specs); vssadmin.exe (no specs); cmd.exe (no specs); cmd.exe (no specs); vssadmin.exe (no specs); cmd.exe (no specs); bcdedit.exe (no specs); cmd.exe (no specs); bcdedit.exe (no specs); vssadmin.exe (no specs); cmd.exe (no specs); cmd.exe (no specs); cmd.exe (no specs); vssadmin.exe (no specs); cmd.exe (no specs); mshta.exe (no specs); bcdedit.exe (no specs); bcdedit.exe (no specs); vssadmin.exe (no specs)
Process information

PID
3580
CMD
"C:\Users\admin\AppData\Local\Temp\2017-07-29-BTCware-from-cabeiriscout.faith.exe"
Path
C:\Users\admin\AppData\Local\Temp\2017-07-29-BTCware-from-cabeiriscout.faith.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\2017-07-29-btcware-from-cabeiriscout.faith.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
3168
CMD
"C:\Users\admin\AppData\Local\Temp\2017-07-29-BTCware-from-cabeiriscout.faith.exe"
Path
C:\Users\admin\AppData\Local\Temp\2017-07-29-BTCware-from-cabeiriscout.faith.exe
Indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\2017-07-29-btcware-from-cabeiriscout.faith.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ole32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\mshta.exe

PID
1920
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\vssadmin.exe

PID
636
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1356
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
3172
CMD
vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
2380
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
3432
CMD
bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
644
CMD
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
3920
CMD
vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3780
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1856
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1440
CMD
vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3680
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
3772
CMD
bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
764
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\cmd.exe

PID
124
CMD
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
2488
CMD
vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
2456
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\apphelp.dll

PID
3684
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
3412
CMD
"C:\Windows\System32\cmd.exe" /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
1664
CMD
vssadmin.exe Delete Shadows /All /Quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3812
CMD
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2484
CMD
"C:\Windows\System32\mshta.exe" "C:\Users\admin\Desktop\!#_READ_ME_#!.hta"
Path
C:\Windows\System32\mshta.exe
Indicators
No indicators
Parent process
2017-07-29-BTCware-from-cabeiriscout.faith.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft (R) HTML Application host
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\mshta.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\clbcatq.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mlang.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msiexec.exe
c:\windows\system32\jscript.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll

PID
3484
CMD
bcdedit.exe /set {default} recoveryenabled No
Path
C:\Windows\system32\bcdedit.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Boot Configuration Data Editor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 4028
CMD: bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
Path: C:\Windows\system32\bcdedit.exe
Indicators: No indicators
Parent process: cmd.exe
User: admin
Integrity Level: MEDIUM
Exit code: 1
Version:
  Company: Microsoft Corporation
  Description: Boot Configuration Data Editor
  Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\bcdedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 3864
CMD: vssadmin.exe delete shadows /all /quiet
Path: C:\Windows\system32\vssadmin.exe
Indicators: No indicators
Parent process: cmd.exe
User: admin
Integrity Level: MEDIUM
Exit code: 2
Version:
  Company: Microsoft Corporation
  Description: Command Line Interface for Microsoft® Volume Shadow Copy Service
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

Registry activity

Total events: 219
Read events: 206
Write events: 13
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value
3168 | 2017-07-29-BTCware-from-cabeiriscout.faith.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | DECRYPTINFO | "C:\Users\admin\AppData\Roaming\Info.hta"
3168 | 2017-07-29-BTCware-from-cabeiriscout.faith.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3168 | 2017-07-29-BTCware-from-cabeiriscout.faith.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2484 | mshta.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
2484 | mshta.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2484 | mshta.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU | Enable | 1
2484 | mshta.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU | Size | 10
2484 | mshta.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU | InitHits | 100
2484 | mshta.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU | Factor | 20

Files activity

Executable files: 0
Suspicious files: 112
Text files: 84
Unknown types: 5

Dropped files

PID
Process
Filename
Type
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Downloads\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\ONINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\OMSINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MSOINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MAPIR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\MOR6INT.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\GRINTL32.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\3082\ENVELOPR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\VISBRRES.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\STINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\SGRES.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUBWZINT.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PUB6INTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\PPINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLWVW.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OUTLLIBR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\OMSINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ONINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MSOINTL.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MOR6INT.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\MAPIR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.REST.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\GRINTL32.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\UICaptions\1036\ENVELOPR.DLL.trx_dll.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\MySite.ico
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\MySharePoints.ico
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\MySite.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\MySharePoints.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\DocumentRepository.ico
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\AssetLibrary.ico
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\setup.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\setup.ini.[[email protected]].aleta
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\setup.ini
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\Data1.cab
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\Data1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\ABCPY.INI
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\ABCPY.INI.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Videos\Skype.msi
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Pictures\Skype.msi
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\Public\Music\Skype.msi
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\qemu-ga\qga.state
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\qemu-ga\qga.state.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{7e9fae12-5bbf-47fb-b944-09c49e75c061}\state.rsm
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{7e9fae12-5bbf-47fb-b944-09c49e75c061}\state.rsm.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{568CD07E-0824-3EEB-AEC1-8FD51F3C85CF}v14.11.25325\packages\vcRuntimeAdditional_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{568CD07E-0824-3EEB-AEC1-8FD51F3C85CF}v14.11.25325\packages\vcRuntimeAdditional_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{39E15475-23F2-345D-8977-B5DC47A94E26}v14.15.26706\packages\vcRuntimeMinimum_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{39E15475-23F2-345D-8977-B5DC47A94E26}v14.15.26706\packages\vcRuntimeMinimum_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{2757496A-3E74-320A-B007-36120A9F126D}v14.15.26706\packages\vcRuntimeAdditional_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{2757496A-3E74-320A-B007-36120A9F126D}v14.15.26706\packages\vcRuntimeAdditional_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{029DA848-1A80-34D3-BFC1-A6447BFC8E7F}v14.11.25325\packages\vcRuntimeMinimum_x86\cab1.cab
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\{029DA848-1A80-34D3-BFC1-A6447BFC8E7F}v14.11.25325\packages\vcRuntimeMinimum_x86\cab1.cab.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\564F02E6419B9858949B0CD5A65E2C8C0944DD88\packages\Patch\x86\Windows6.1-KB2999226-x86.msu
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Package Cache\564F02E6419B9858949B0CD5A65E2C8C0944DD88\packages\Patch\x86\Windows6.1-KB2999226-x86.msu.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Oracle\Java\java.settings.cfg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Oracle\Java\java.settings.cfg.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Oracle\Java\installcache\baseimagefam8
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\ProgramData\Oracle\Java\installcache\baseimagefam8.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\nslist.hxl
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\nslist.hxl.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\MICROSOFT\MF\ACTIVE.GRL
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\Transforms\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\ProgramData\Adobe\ARM\Reader_15.007.20033\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Videos\desktop.ini.[[email protected]].aleta
binary
MD5: d2a4e4b2653f0aa352757f6eecd523fc
SHA256: 3afdf350542aa5a4584fa2b7e463fe40600405bbaa3a3b2646fe10755dc65695
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Videos\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Videos\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.[[email protected]].aleta
mp3
MD5: a71e2d6d2641a313c411e99d6e6dbc03
SHA256: 9b57dc93cc4e5c0e006729cdd11533be6bfeb1d292c69349ecaceb3c59be98de
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.[[email protected]].aleta
mp3
MD5: 5c605c82636130059387957fadb5004b
SHA256: 8473fd665de9345d3722c0dbb2edb4d3cd2f4c3d8075876ff559f3ae94b7153a
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Indexed Locations.search-ms
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Indexed Locations.search-ms.[[email protected]].aleta
xml
MD5: b6acbeb59959aa5412a7565423ea7bab
SHA256: 99653a38c445ae1d4c373ee672339fd47fd098e0d0ada5f0be70e3b2bf711d38
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\desktop.ini.[[email protected]].aleta
binary
MD5: c3863b9192d86421a67cce3367d32094
SHA256: e2fff01a1794edbbfb39b690f2c3f6b86ed7eb8a23df08cb7f97e63351a74c44
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Everywhere.search-ms.[[email protected]].aleta
xml
MD5: 0fa26b6c98419b5e7c00efffb5835612
SHA256: 4094d158e3b0581ba433a46d0dce62f99d8c0fd1b50bb4d0517ddc0a4a1fde24
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Searches\Everywhere.search-ms
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Saved Games\desktop.ini.[[email protected]].aleta
binary
MD5: 9c5e80e0d05725212f74a8e59b7af873
SHA256: e90f69f16c9141812cd313eb71cf2c3acac5f66c43ad17daa4f36f1090822c7e
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Saved Games\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Saved Games\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\whoseread.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\whoseread.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\whoseread.jpg.[[email protected]].aleta
binary
MD5: 898b48a67e2dc77efe677a75430c416c
SHA256: c5a389b0a0209b7d7038e5e2b71bd77df68ef2c4516e8e73238396902786a0bf
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\volumemultiple.jpg.[[email protected]].aleta
binary
MD5: 9474b54975efe552d0e2a60c6606bb11
SHA256: d8bf33a5fe5c0582a4c9d0825bbba69eb4c596e0a7092add0f236edbdcd5a9b1
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\rathervol.jpg.[[email protected]].aleta
binary
MD5: a5135725b58ee1db64c1f0b3fb740cb2
SHA256: 88fa57faf534678ddd8e32e5c77a9f0c4643c39b9caf7fb6ac4776873ac0b2b7
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\volumemultiple.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\whoseread.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\rathervol.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\lparent.jpg.[[email protected]].aleta
binary
MD5: 3aeee70e85745294e83a33def1c16e64
SHA256: 871d34e5f0d29f7fefde404fb12d3446c6e900d492fb52c7a8b9c9cd528d9dd8
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\modelrichard.png.[[email protected]].aleta
binary
MD5: f8377723c058cac75fda77feb4af7b9b
SHA256: c6742470df83630a840bb3e6abfe3b69f3636a30e437b3d2a3780ac18b8faad1
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\modelrichard.png
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\lparent.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\includesscott.jpg.[[email protected]].aleta
binary
MD5: 37828d43f08743e5603132582e470e4e
SHA256: e27e57dea215997101f1a1c456d428b97447191b15449e58e0f967245a96e0ea
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\hairfriday.png.[[email protected]].aleta
binary
MD5: e500e1b164bdb04e2703413d5367f97b
SHA256: 7f68d93dac760050d6a8c545dec9d82673a7e683501c517f3dbbdb0e38575140
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\hairfriday.png
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\includesscott.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\desktop.ini.[[email protected]].aleta
binary
MD5: edc947c3b9ee8a8c978436efb881a5c4
SHA256: 0965c82829919385dad64a13fef41c04f84ed510c2615a64fceec039c426e307
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Pictures\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\ntuser.ini.[[email protected]].aleta
pgc
MD5: d1cd7ccdb00c668f8da5d957b5de347a
SHA256: 775d3854d2451166fb8d4961915ad66204465f42004c4ab5ffe2cfcdf78cd07f
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Music\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Music\desktop.ini.[[email protected]].aleta
binary
MD5: fa36f09aba838fcfed258e6ed96cd3e2
SHA256: cb0bc441200d9a9d98c0a5daa435c28bf48dfe1305f1282afec92be29d94043d
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Music\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\Downloads.lnk.[[email protected]].aleta
binary
MD5: 213ee9aa63decc8c9f6ab12272060093
SHA256: 3c7fe988134bfa36e2be2d60ebcfbc5e1fe4ed6e067b1bfe38b0c13778038532
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\RecentPlaces.lnk.[[email protected]].aleta
binary
MD5: 9c2db0856ab39fce3f67a834c6f447a3
SHA256: 9f457c91d5c62a8ade5ac2b206b39334d76b5b0f97017bea7433dc6f4b8a5b4e
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\Downloads.lnk
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\RecentPlaces.lnk
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\RecentPlaces.lnk
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\Desktop.lnk.[[email protected]].aleta
binary
MD5: 18d889c0f2d0a79af9d2d0ad776c8f2e
SHA256: fdac2167eb1111377b0b3ed4e21d575f7b5af4a35880350673ef5878a3b683e5
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\desktop.ini.[[email protected]].aleta
binary
MD5: 561f21dcffb8afbf299252c2497ceed6
SHA256: f47f735b8228cf4881956a2185de5896cafea0061e9ef95b6e4d8741a5ce6b97
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\Desktop.lnk
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Links\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.[[email protected]].aleta
binary
MD5: 5333670d5e4f4219f67e08fcdbf5c162
SHA256: b1b22d9a2823984437923f1fc7d49da42106422bccc05367ea1e563060128f69
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.[[email protected]].aleta
binary
MD5: 089ba8a941fef1357e1632eb1090413f
SHA256: bc1063403293207928864a09b2313fbb270e414c01a8fbc98bff078955c61006
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.[[email protected]].aleta
binary
MD5: 8d4465788720d612d1e6b56c7fffe7a3
SHA256: 0e78d3fd2737c943208d09074d869b975460d572079e580125d44b0da357613d
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.[[email protected]].aleta
binary
MD5: 1f2779b260e3c9dea509d1be5e02f25a
SHA256: 917655727abbe7dd6386e61dcaa78f01ece52acb2a41fbae013cf67a3e7d1131
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.[[email protected]].aleta
binary
MD5: 18b7ee0e22490d00742b54c9ff4685f0
SHA256: b7b689030b67378ee147330ddbe79cbbf277392b0b0b22087968f5ea8119efb7
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.[[email protected]].aleta
binary
MD5: 1b23936293a81c565b364b97439ac5c9
SHA256: 8274a4f3bcab9c84fd771dd8781e0a2377a8bee019876082407a49f4e9b6696e
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.[[email protected]].aleta
binary
MD5: 5b5322d34aff97fe44d7bdb8115f18e3
SHA256: 4fcba076090151131eb8eb9d974e4abe459062f9e9be7225e5d4f5a4ae5d51cc
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.[[email protected]].aleta
binary
MD5: bdcc8df5de50c81f583e2a669ea60c76
SHA256: f03120c261f792123444a0ce28422fd341e1067fee6ee8417f555be81c6809ed
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.[[email protected]].aleta
binary
MD5: 7f6605c50be874ff5ddd6a5d3cb838de
SHA256: 8efdc2c3ecc0fdda4aa2925edb4d9fb355840de3953913de1cdbb43978fe2f86
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.[[email protected]].aleta
binary
MD5: 5563b8077753039e00bc002783a4a7bc
SHA256: 7f730e950d3bc19440c412ef050e1f310c48c60f44483066dbc51035c0277ba3
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.[[email protected]].aleta
binary
MD5: ec7129e1722e877908f1273a387804bf
SHA256: 717969d5ef86e1984a73a8894c0364becbc94c0854d985d2f39affcf09b0d717
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.[[email protected]].aleta
binary
MD5: a27138bc80513a62273ea61e5581c972
SHA256: b44454f48a7a9e16f2252c5469db333168e74ad60fa9c1d673f5af7e202b3200
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.[[email protected]].aleta
binary
MD5: 04ace5bb1fe249d6d0b0071e60a8afa2
SHA256: a8d426e0516f13d965789074b5edf189df86110f72bd7fad5b0f3bd9fafe99c8
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.[[email protected]].aleta
binary
MD5: b29f9031e9e30ce9cde46d0e57b92966
SHA256: 08857109cf06876e6a6f366ac228c0a5a6a1e903504ed2d64725aef8165120de
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.[[email protected]].aleta
binary
MD5: 6d6898a753cba4b94ffbd96d71d451c8
SHA256: a2d518f8207c787914ce1def05bbe7eef95b8155a4cfebb802af8103476a109c
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.[[email protected]].aleta
binary
MD5: b23e3290db5ed4a8d1b13537e2172fea
SHA256: 06e2bc442d7c031f354c7e72d1cc8509d9f76a9d360ecac31ae010c65f2b13e8
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.[[email protected]].aleta
binary
MD5: ae2e09806a28c40af546489d82462769
SHA256: b57e11bd9c2313041dd1aef15111e2b12b5b63c0636828e32cc16d02df49c550
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\desktop.ini.[[email protected]].aleta
binary
MD5: 7a5b5989faccc9cf5ad7901ac9d62b12
SHA256: b62c636e953a218ffac5c898dcd2ee36d43fcf9de95b8edb05d99c88323b9674
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links for United States\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.[[email protected]].aleta
binary
MD5: 58cd65cbf247a8d6cddf79b90dc2fa29
SHA256: 66a2bb46c67bb18696d5a09643c81e10b290d7455cc7ccfa3fac41fe23143829
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.[[email protected]].aleta
binary
MD5: 5ce7ce50cbfc27404c2d66989c52a76c
SHA256: cb58977c02c21067d86f7ae604b6c912cdf38496e20e9ccadbc3ab2f8912580c
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\desktop.ini.[[email protected]].aleta
binary
MD5: 2e25206bd17771d6b453fa9805bd04f9
SHA256: 980dc96b11a5ccf5ed71f9a9ca3e76b6d0f47f7b7305196ca200aead52198d3e
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\desktop.ini.[[email protected]].aleta
binary
MD5: cf3882ff125cad035ee49c472c75e65a
SHA256: cd1db01f61358492ef28afb4a0c40babdea49de47e51cc0880212299d4212a5e
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Favorites\Links\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\rememberan.jpg.[[email protected]].aleta
binary
MD5: b5dd94ccd493a4d7acf78875240215a6
SHA256: 04b2aa83cb8bef1169d7604d7848efc6947f89f0b61d57aed3a1d9473cc5eb32
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\professionalplans.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\rememberan.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\photojump.png.[[email protected]].aleta
binary
MD5: c3383e19b00f3ce72c77be83108eabbe
SHA256: 3c58607aa9dddc754a509e2e0144580b62f0f9a0065396d6a6ea1293b0350201
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\professionalplans.jpg.[[email protected]].aleta
binary
MD5: 98219eaf3ddf76ae0db76f7bd4b98727
SHA256: 1bdad914341db89fd12a51469999b5059fef3bb60bece9e086145d37f365f0be
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\photojump.png
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\hostyouth.png.[[email protected]].aleta
binary
MD5: cae3710f049b1a0ac7504a7df0cabd42
SHA256: 61e4be558a9a71c8a2bd1f680c1272b245339ff5c6a77544454208b6d35f1e51
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\lookingcnet.png.[[email protected]].aleta
binary
MD5: 9394d028c440b6e7961816d4d19e6b2c
SHA256: 10ed21de7226330bc79d3d2737ffc53d1f755483158d054df65d4a8e568fa05d
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\hostyouth.png
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\lookingcnet.png
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\desktop.ini.[[email protected]].aleta
binary
MD5: 425d084cbe49a469c81750081069637c
SHA256: b98893cc70206dbd4b9568b2a553e2a26698326c2e25cbb1811fdbeb9b985918
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\consideredthomas.png.[[email protected]].aleta
binary
MD5: ea6c42af9e89dc30461f2bb7cfcf46fe
SHA256: 339993a64c409314b59779320419eb3e179c4557d0dca89aff2b960591d8ff8c
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\statesflorida.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Downloads\consideredthomas.png
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.[[email protected]].aleta
binary
MD5: 3cd3578aa2e375294dfdd2f01f2ef192
SHA256: 9801e564e5bbd1d00ad34c2ddb51a6b0a6bb4cd828739b5f8b1c3526028fa4bd
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\statesflorida.rtf.[[email protected]].aleta
binary
MD5: 239e6785043d9618758cc0afaf474370
SHA256: 5331a1eafa9515aeb7ed4f44661bc5bcd0627b9376798bd9511d596a13a7d0af
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.[[email protected]].aleta
binary
MD5: 0bfc72c00901b2919ac0c2ac45e1ca9b
SHA256: f2005654736a6d576c2402a618fc01240585d566d61b57b6a4c5ea136ea25856
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.[[email protected]].aleta
binary
MD5: 3b1b081ad2c6fb1846b60e837951720c
SHA256: 5195befd582a86315abdba104e088852d4ae591c905f6e79b1102f66512175b9
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.[[email protected]].aleta
binary
MD5: c874b0e010096ededd86669da375857c
SHA256: 43814a0203ce5c83ea37c045f886f3cf425c3442b6ea409829aa3c618928503a
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\[email protected][[email protected]].aleta
binary
MD5: 566f11ddb0176665267c606bf3a70464
SHA256: d14e524dd0806bff19f070afe6219e2cebbed8351b9f546d5e73ec39523f1b85
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.[[email protected]].aleta
binary
MD5: d8335a9132119a2e08b412aee9c580be
SHA256: bb8f58680d17804e1885a72ecbd9e661a92ddeb23606d78cfe097b78e1757256
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.[[email protected]].aleta
binary
MD5: 5c54fec5d0464254429783e982b25e52
SHA256: a3556cbf773543d204445f27cf6f8caf1b9350c868e584195354b4189fa8e180
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.[[email protected]].aleta
binary
MD5: 730abf9774c5f5c6b64ad2552860c2fb
SHA256: 86f81581d23020ac9ba40a89412dc42c11fa8c940f7d073bba024714e28c027a
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\neverpeter.rtf.[[email protected]].aleta
binary
MD5: 2e780386773603a5f086c0977c490e2e
SHA256: 1cc986961765b2dca972d7872693b10815150b1b58a54ba5734ef93954c9fea7
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\neverpeter.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\mytalk.rtf.[[email protected]].aleta
binary
MD5: ff396b7688b394dc0f110bd2a9381495
SHA256: 2d23b5e659660dbda9a469f6e8d7135a4094decce14c2667147d59b3fa35e004
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\mytalk.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\franciscoimpact.rtf.[[email protected]].aleta
binary
MD5: dd7257708bfb3bef904df73586b771b5
SHA256: 0c93fec22840e8a25a7c572b124d5ada7907ec9ade0fd52ec73c09ba74702cbc
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\jamesinternet.rtf.[[email protected]].aleta
binary
MD5: 28faa22e7b60ba2c2d1147440f6db46b
SHA256: 08412eaa89340c1ac31223e9ab3fb031e070b1919ae2a1600e4610e8ed51b405
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\jamesinternet.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\franciscoimpact.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\firmflash.rtf.[[email protected]].aleta
binary
MD5: 7b73ea52e3074bc5057e534ca3a2089c
SHA256: 3afd8f6fbf0c15f2194c4e2e800026c7efcd097166891796573469149de880cd
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\desktop.ini.[[email protected]].aleta
binary
MD5: 44a2b45456fb299783f5aab665fef21d
SHA256: 47732ca90872f79dd279ff7b94092ee56826ece402ed7eda04f171eecae09407
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\firmflash.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\bringisland.rtf.[[email protected]].aleta
binary
MD5: a94e8cd034abdb58860118e835d16892
SHA256: 12d769552ab9d0e70ae534834926b3dbd99477342f05b7e91633bf3d51f2420e
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\yearsindia.rtf.[[email protected]].aleta
binary
MD5: 8a8791941a7e50efec743c2d9f77ce25
SHA256: d6309ff35634f9f5f1721f74f1a2651ad81a39273dc2e31a1029743d2e7cf12f
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Documents\bringisland.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\therehuman.png
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\yearsindia.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\poweredafter.rtf.[[email protected]].aleta
binary
MD5: f4a049b2d3c982089bdaad78e8b8beaa
SHA256: 64343d2bc57b067215e857c356148c68e2cdd369d6d4ecf60c49b04b9bdca178
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\therehuman.png.[[email protected]].aleta
binary
MD5: 19c85880f49fe85d7e019b9a6a515980
SHA256: a4875f5e43ce67eda203faa887d9d4f6b8e4c51c42c0e711057472c47f96342a
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\outputwritten.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\poweredafter.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\outputwritten.rtf.[[email protected]].aleta
binary
MD5: ba7294d0607c12790a8f8c8f28854cbe
SHA256: a9e2b4a55cbdc184fc3b44d79896b91525626ea58f2727839f7d48f7bdec3c3a
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\minutevote.jpg.[[email protected]].aleta
binary
MD5: 7374ebd902ca986f83fd64268f705de0
SHA256: a118d58fe5cb2f9f67ad3403c6f27c70b53fac6ea423f7cb57461e8e84c56ff4
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\minutevote.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\lateuntil.rtf.[[email protected]].aleta
binary
MD5: a495a2c582b376312d9a6f29525fa931
SHA256: 2b5b44c683809c6dcf8747fa5d73a6ac90e109a0204da0d302fcbf6a79a51706
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\gmtbasic.jpg.[[email protected]].aleta
binary
MD5: b2eb7e8963db6e9692baba8205a60b48
SHA256: c737f0883e276ca7be5d99ce577972136c797628893d852ded7bf135860d3ed8
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\gmtbasic.jpg
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\lateuntil.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\desktop.ini.[[email protected]].aleta
binary
MD5: 06559eb797cc56950ee21f05f74bb569
SHA256: 01a4c2085f7adb3e163759f27bbd68439691ef4c66f6ebc19e40e03853bb3093
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\entrywireless.rtf.[[email protected]].aleta
binary
MD5: 0c241f855b75b4232711fc744da385fd
SHA256: b6434bafa4fe3afc219e8d2fe3d2aa38daf4a1e51fec04263ef8c171ce6e1c06
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\entrywireless.rtf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Desktop\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Contacts\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Contacts\desktop.ini.[[email protected]].aleta
binary
MD5: eb1eeb629cbf691ffe5fd62d36205733
SHA256: 4251375e15c5dbac9ebe0dab01972da17108356b0058474a9372e51d6a5fb8e7
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Contacts\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\desktop.ini
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\Contacts\admin.contact.[[email protected]].aleta
mp3
MD5: b3d38d6b89685fc137f29ce8aaaf535d
SHA256: 15a559c1e4a76c26dca7993acf2495ce38c2a49d0db7de85c792e6c08cdfed32
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.[[email protected]].aleta
binary
MD5: 70ff3a3b0e47f52467e0cdb1cf5f9d4e
SHA256: ef667ae7ca8d5a3eed0706e8a1e18628007446c14ca6b56b07a61c6113694dfd
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\.oracle_jre_usage\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\xnn0njba.fg2.[[email protected]].aleta
binary
MD5: 61862f142750d4480442509f7e7a8af5
SHA256: 03acf31ac9ea39ce11e8efb8d91f6be2508c45497a9c4ea72fee33e3620857ab
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\xnn0njba.fg2
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\xfekrpnf.vsj.[[email protected]].aleta
binary
MD5: c3fcc6f9a07932c7e5c73864602aeb8c
SHA256: 6bdac4837da06d971b1b602f596dc5ba05e8c6854dc0cac1b25129a966fde8f5
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\xjivgwhi.jyf.[[email protected]].aleta
binary
MD5: 8b22c3a7121cf66a5e4f33cebfedae95
SHA256: 98b422d4132151deb844692b6995952a72333560e97f747c946380a8efd25ebc
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\xjivgwhi.jyf
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\xfekrpnf.vsj
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\x2txagxa.4te
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\x2txagxa.4te.[[email protected]].aleta
binary
MD5: 0cea18ed5559b3c7c58a64f4608c95f8
SHA256: 6eb70f323761c18f07e7bda882e86949cc428f188b68e9bbd7462c96500f69b7
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\sxaw3brl.yc5
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\sxaw3brl.yc5.[[email protected]].aleta
binary
MD5: 2335e67a002ed4781fabb713d0094750
SHA256: 6e4d613a5905b808df168ae36830cf31923171d7ba6da072a77b91fee49d3406
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\sk0ohjbx.to1.[[email protected]].aleta
binary
MD5: 04f4f2edc197faf911d2421611717971
SHA256: ccaf901095ae9256586291f22e61f284ce3a92c2d2c32a9249c3007fe1daff57
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\sk0ohjbx.to1
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\qycewxa4.5n0
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\qycewxa4.5n0.[[email protected]].aleta
binary
MD5: 2ebb1f8030081693fa082a3a13918c36
SHA256: eff397498cd973181ee4d48dfe18f63903b6b7351c28a3e4484ad9a1f7a3da9c
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\pyyxokiw.pq1
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\pyyxokiw.pq1.[[email protected]].aleta
binary
MD5: e2d95cfbd658043973fd9f87b1c7e2be
SHA256: 4982bb5badd773bdda41ee3bb19126f04a5725f40cbca525ad1e155c2ef375f9
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\nzby2ryh.jq5.[[email protected]].aleta
binary
MD5: 377715fc4cee4fd7566af820a8a2ea93
SHA256: 75ecea845d20a40f2872f262f91366f0223f761646caa18f60b29a30ac5d181f
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\nzby2ryh.jq5
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\nk4uyb13.ee4.[[email protected]].aleta
binary
MD5: 397e5143e4773c481b34e6c76ea60130
SHA256: 680ce812fa9863807ece023851a347847fe94ef308a94b48084a58c47a46e9df
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\nk4uyb13.ee4
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\hff0iu2i.nmv
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\hff0iu2i.nmv.[[email protected]].aleta
binary
MD5: 1f15f868470ab259c4e0ee473946d2ad
SHA256: 0ab98d893242924621b4309cccaabd17bb58c53d3bd38104cf23262ef53c786a
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\h2yf5fkw.lem
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\h2yf5fkw.lem.[[email protected]].aleta
binary
MD5: 6da7f3740ca25ac09eda07a2059a889c
SHA256: ffaf9cb8889291fff371b30462c6684b455e67de78d3deddc9c846fa748a7882
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\gj21onik.fma.[[email protected]].aleta
binary
MD5: bfe0019e4e720b09dbcd0d7c03fe1c17
SHA256: 756a5380cfbdc558d4abb405c04a990219cc719bcd54b7745d59db6f160d53df
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\gj21onik.fma
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt
text
MD5: efdb1df7eb34204c698a32cdb410e616
SHA256: 30ff188f8af83ddf2860b6a282cc884a67746a172faa1943ebaed0f42564b5c3
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\eqo4lgtl.j34.[[email protected]].aleta
binary
MD5: 1e773780b3d7cd6ca31a7e60fe950c80
SHA256: d5d394afba24e4b77ef8f7684bb853db0b1da9f6bb0cd5d673b1a33c6d3265c2
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\eqo4lgtl.j34
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\een3iutb.z0n.[[email protected]].aleta
binary
MD5: 8d83814d472d6ffffb942dca8a27e43f
SHA256: c68661e7c6892e528eee5d8467454a255f056cd04db28a385ca9de8ae572fe39
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\een3iutb.z0n
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\ayrio41l.cr0.[[email protected]].aleta
binary
MD5: 0909adc1ce1e76241d2bc6bfa3445d3e
SHA256: 1cfb777b861294c077f6005204d66b38505acb145f32505a0f66dddaabcf6ec2
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\ayrio41l.cr0
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\5a5y5r04.zm5
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\!#_READ_ME_#!.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\5a5y5r04.zm5.[[email protected]].aleta
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\0ix22fic.2gw.[[email protected]].aleta
binary
MD5: 6670a2583a083bb0aa9219c205f92be7
SHA256: 2e8d14f9cb0ab92e914b7c46379469a362c3af0e0a11d473135f2e4235f255ec
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Local\Temp\0ix22fic.2gw
––
MD5:  ––
SHA256:  ––
3168
2017-07-29-BTCware-from-cabeiriscout.faith.exe
C:\Users\admin\AppData\Roaming\Info.hta
html
MD5: e161720a1099baf2d32c4cbe35ffb126
SHA256: 9dc88c2302ffdd0caf7439529f7e87002dae8f5637b167da2d952739d0d5e595

Find more information on the static content and download it in the full report

Network activity

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

No network activity.

Debug output strings

No debug info.