General Info

File name

file.exe

Full analysis
https://app.any.run/tasks/1a8bbc30-7cf0-4466-a6e8-5ffcb763805c
Verdict
Malicious activity
Analysis date
5/15/2019, 17:09:11
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

gandcrab

trojan

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

adadab197193f5e2c322428fcab94a1d

SHA1

f209ae1d96de7fde1fe1396095f5d645d686a2c9

SHA256

ecb08f18dae244ab7749fa1fa18a7baa456a41ab181b30ed9db8f0d5ecc77c5c

SSDEEP

6144:GqyfktIWe+8TmcG4Vzxqzf4NoTcEJf4wKh4:zyHTg4VUzf4qxSwKh4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Connects to CnC server
  • file.exe (PID: 2568)
Deletes shadow copies
  • cmd.exe (PID: 3648)
Changes settings of System certificates
  • file.exe (PID: 2568)
Dropped file may contain instructions of ransomware
  • file.exe (PID: 2568)
Writes file to Word startup folder
  • file.exe (PID: 2568)
Renames files like Ransomware
  • file.exe (PID: 2568)
Actions looks like stealing of personal data
  • file.exe (PID: 2568)
GANDCRAB detected
  • file.exe (PID: 2568)
Adds / modifies Windows certificates
  • file.exe (PID: 2568)
Starts CMD.EXE for commands execution
  • file.exe (PID: 2568)
Reads Internet Cache Settings
  • file.exe (PID: 2568)
Reads the cookies of Mozilla Firefox
  • file.exe (PID: 2568)
Creates files in the program directory
  • file.exe (PID: 2568)
Creates files in the user directory
  • file.exe (PID: 2568)
Dropped object may contain Bitcoin addresses
  • file.exe (PID: 2568)
Dropped object may contain TOR URL's
  • file.exe (PID: 2568)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable (generic) (42.6%)
.exe
|   Clipper DOS Executable (19.1%)
.exe
|   Generic Win/DOS Executable (18.9%)
.exe
|   DOS Executable Generic (18.9%)
.vxd
|   VXD Driver (0.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2017:03:07 05:16:37+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
57344
InitializedDataSize:
102400
UninitializedDataSize:
null
EntryPoint:
0x5c8e
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
07-Mar-2017 04:16:37
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000040
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
07-Mar-2017 04:16:37
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x0000E000 0x0000E000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 6.97603
.rdata 0x0000F000 0x00002000 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.37836
.data 0x00011000 0x00008000 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 6.9769
.rsrc 0x00019000 0x0000E3BE 0x0000F000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.01288
.titan 0x00028000 0x00021000 0x00021000 IMAGE_SCN_MEM_READ 5.86119
Resources
1

2

3

4

5

6

7

8

103

107

109

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
38
Monitored processes
4
Malicious processes
2
Suspicious processes
0

Behavior graph

+
start #GANDCRAB file.exe cmd.exe vssadmin.exe no specs vssvc.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2568
CMD
"C:\Users\admin\AppData\Local\Temp\file.exe"
Path
C:\Users\admin\AppData\Local\Temp\file.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\file.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mspaint.exe
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
3648
CMD
"C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all /quiet
Path
C:\Windows\system32\cmd.exe
Indicators
Parent process
file.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\vssadmin.exe

PID
3636
CMD
vssadmin delete shadows /all /quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vss_ps.dll

PID
3276
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll

Registry activity

Total events
127
Read events
90
Write events
37
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2568
file.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2568
file.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32
EnableFileTracing
0
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32
EnableConsoleTracing
0
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32
FileTracingMask
4294901760
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32
ConsoleTracingMask
4294901760
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32
MaxFileSize
1048576
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32
FileDirectory
%windir%\tracing
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS
EnableFileTracing
0
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS
EnableConsoleTracing
0
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS
FileTracingMask
4294901760
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS
ConsoleTracingMask
4294901760
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS
MaxFileSize
1048576
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS
FileDirectory
%windir%\tracing
2568
file.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2568
file.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000003000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2568
file.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
DefaultConnectionSettings
460000000200000009000000000000000000000000000000040000000000000080038D46300BD501000000000000000000000000020000001700000000000000FE80000000000000A179B3FF019923140B00000000000000090000000000000078AE437564BD340064BD34000000000000000000040000000000000088BD340004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF02000000C0A86487000000000000000003000000000000000000000000000000DADADADA0000000000000000050000000000000000000000AD3E140000000000000000000000000000BE340000BE34000000000000000000FFFFFFFF0000000000000000000000000000000024BE340024BE34000000000030BE340030BE3400
2568
file.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
WpadLastNetwork
2568
file.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
Blob
040000000100000010000000410352DC0FF7501B16F0028EBA6F45C50F00000001000000140000005BCAA1C2780F0BCB5A90770451D96F38963F012D090000000100000042000000304006082B0601050507030406082B0601050507030106082B0601050507030206082B06010505070308060A2B0601040182370A0304060A2B0601040182370A030C6200000001000000200000000687260331A72403D909F105E69BCF0D32E1BD2493FFC6D9206D11BCD67707390B000000010000001E000000440053005400200052006F006F0074002000430041002000580033000000140000000100000014000000C4A7B1A47B2C71FADBE14B9075FFC415608589101D00000001000000100000004558D512EECB27464920897DE7B66053030000000100000014000000DAC9024F54D8F6DF94935FB1732638CA6AD77C131900000001000000100000006CF252FEC3E8F20996DE5D4DD9AEF42420000000010000004E0300003082034A30820232A003020102021044AFB080D6A327BA893039862EF8406B300D06092A864886F70D0101050500303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F74204341205833301E170D3030303933303231313231395A170D3231303933303134303131355A303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F7420434120583330820122300D06092A864886F70D01010105000382010F003082010A0282010100DFAFE99750088357B4CC6265F69082ECC7D32C6B30CA5BECD9C37DC740C118148BE0E83376492AE33F214993AC4E0EAF3E48CB65EEFCD3210F65D22AD9328F8CE5F777B0127BB595C089A3A9BAED732E7A0C063283A27E8A1430CD11A0E12A38B9790A31FD50BD8065DFB7516383C8E28861EA4B6181EC526BB9A2E24B1A289F48A39E0CDA098E3E172E1EDD20DF5BC62A8AAB2EBD70ADC50B1A25907472C57B6AAB34D63089FFE568137B540BC8D6AEEC5A9C921E3D64B38CC6DFBFC94170EC1672D526EC38553943D0FCFD185C40F197EBD59A9B8D1DBADA25B9C6D8DFC115023AABDA6EF13E2EF55C089C3CD68369E4109B192AB62957E3E53D9B9FF0025D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04160414C4A7B1A47B2C71FADBE14B9075FFC41560858910300D06092A864886F70D01010505000382010100A31A2C9B17005CA91EEE2866373ABF83C73F4BC309A095205DE3D95944D23E0D3EBD8A4BA0741FCE10829C741A1D7E981ADDCB134BB32044E491E9CCFC7DA5DB6AE5FEE6FDE04EDDB7003AB57049AFF2E5EB02F1D1028B19CB943A5E48C4181E58195F1E025AF00CF1B1ADA9DC59868B6EE991F586CAFAB96633AA595BCEE2A7167347CB2BCC99B03748CFE3564BF5CF0F0C723287C6F044BB53726D43F526489A5267B758ABFE67767178DB0DA256141339243185A2A8025A3047E1DD5007BC02099000EB6463609B16BC88C912E6D27D918BF93D328D65B4E97CB15776EAC5B62839BF15651CC8F677966A0A8D770BD8910B048E07DB29B60AEE9D82353510
2568
file.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
190000000100000010000000DC73F9B71E16D51D26527D32B11A6A3D03000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B810B000000010000000E00000074006800610077007400650000001D00000001000000100000005B3B67000EEB80022E42605B6B3B72401400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB57485053000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703030F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE2000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68

Files activity

Executable files
0
Suspicious files
412
Text files
318
Unknown types
22

Dropped files

PID
Process
Filename
Type
2568
file.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.btsrodv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Videos\Sample Videos\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.btsrodv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.btsrodv
binary
MD5: 17603734cbf1ddd1aeae318f6b46a4eb
SHA256: eb86d7ef2a45d03c5e6368fcbb601dc5f7a1b3cdfafde229836e41d77833568d
2568
file.exe
C:\Users\Public\Recorded TV\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Recorded TV\Sample Media\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.btsrodv
pgc
MD5: cc516de32246b91ae62e616395c74eaa
SHA256: 633d82f9c0e346babafad5ccf324e75a06ac80977dbb1df4399ae8c6caffb972
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.btsrodv
binary
MD5: 64888bbcb16d84f1a115d5c11197ce2c
SHA256: 6e3b67fb455af14e9d49e6b9b7c4eeb68eb4445c8e3a3c06f392b99897abf52c
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.btsrodv
binary
MD5: 0a7376ad6baee479f65375a07d44b05a
SHA256: b23d5d2da0c35beb33f3012001718cb271b2a95876dce413dc66e41fde7329d6
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.btsrodv
binary
MD5: de61c5517d8a884658713144f85744e1
SHA256: e09a0b8773d1f919abcc54b23fd3ed55ac55909de0a99f3f99d081d287ca60a5
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.btsrodv
binary
MD5: ec37b8697786fac69f866c463d6dcf6b
SHA256: 96591e630d1c91f8819f8c8f05338194f64061a9b64d931e1170c1ad7c4cfb66
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.btsrodv
binary
MD5: f7a942861defbfdf39b66e975e55740a
SHA256: 567c53dcf664420ca561a67e0431ed72f7f33e42104bc2fd83558e21e073d744
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.btsrodv
binary
MD5: ad40da4b28a746b0fa84f2d6aa6aa537
SHA256: 8fe58caaf903edbb14928d8b6a3d48d9e8f44ca78850689c0cabb9cc15e2e746
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Pictures\Sample Pictures\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.btsrodv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.btsrodv
binary
MD5: 8f3d738635870b764574b595d62e690d
SHA256: 05fa4f1bf5b216c5639c0366ff5dbb2c0ddbf3b7215198260563c67ed6fa2bb0
2568
file.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.btsrodv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.btsrodv
binary
MD5: 64aa508946f91f1755885642574519bb
SHA256: 5df82ec321f430c4abd45ab6c2c39cbb72e13278d86b0d04c6c0f5ee978f130f
2568
file.exe
C:\Users\Public\Music\Sample Music\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Documents\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Downloads\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Music\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Pictures\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Libraries\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Favorites\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Videos\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\Saved Games\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\Desktop\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Public\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.btsrodv
binary
MD5: 1d785dc91694dd949c9fd84b79d51588
SHA256: ef4e463b9da311377f6266d2c46dfd07db7070c6dfc77a17aad020d973f1e2bc
2568
file.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.btsrodv
binary
MD5: 969c60a06e305a67bfac4c1e626f5924
SHA256: 73e599061f63d779354bf9876c4d9e51e327a2bc41be4c34ea0f416055c05d6e
2568
file.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.btsrodv
binary
MD5: 58922005b6ec3b3b085f49c37c066ab9
SHA256: a54e755f4f266fe6a3c9043b36e4856be8677c13c1df2d983db5a1f79faeeed3
2568
file.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\NTUSER.DAT.LOG1.btsrodv
binary
MD5: f99081aad54a2acda8f3f0458caebfcf
SHA256: 999cf7de1d41302665283850c8f2aab8d154e21935244d1dfdc057a32b5141fe
2568
file.exe
C:\Users\Default\NTUSER.DAT.LOG1
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Default\Links\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\Documents\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\Videos\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\Desktop\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\Pictures\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\Favorites\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\Music\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\Downloads\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Roaming\Microsoft\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Roaming\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Local\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Local\Temp\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Roaming\Media Center Programs\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\History\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Local\Microsoft\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Saved Games\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Searches\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.btsrodv
binary
MD5: b324372cb5de5b9b6085056a64be2f04
SHA256: 32bbe1389572f3448b396ba6af885e8931fe90f55ae710dbf74cf124b183d7f1
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\ntuser.ini.btsrodv
flc
MD5: d28b9ddb41eff816cdbf0f2a9f030015
SHA256: 4568fa71e10aadd13b752c475d23853e8dbaedb4105b3ea9df6d05af8caf9774
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\ntuser.ini
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.btsrodv
binary
MD5: 699f46421e7c347c22c45a003cb96948
SHA256: d5239b89c2ab5732b6c9137e952f05f320d8f8399fb6f531b623d59cc69a4d0a
2568
file.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.btsrodv
binary
MD5: 34b7308856dc684fc7aae533fc842b7b
SHA256: 5b330239f37fa05b67e7326dec05e04b5a3f36408e0ca6f620c223e335d8a0be
2568
file.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\ntuser.dat.LOG1.btsrodv
binary
MD5: 063a2a19833e0f654b2294550458b886
SHA256: ac0dc7d6444b06e686679aeeacb9516c8cd12b6d428367cd9611c8cf3163a870
2568
file.exe
C:\Users\Administrator\ntuser.dat.LOG1
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Links\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url.btsrodv
binary
MD5: 2f298ccb40cd28d097701dac312e8f25
SHA256: ed3f46d43dc9082684eb29d4f5992935e569f34c5e2a2d795b9f93579fb2c1e7
2568
file.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url.btsrodv
binary
MD5: dd6ff1f38af121ab56b8a9d81eb1551e
SHA256: 62fc6c762899db9e01322faed7f065259e11d698c4ba3f2150009c9196a5f59d
2568
file.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url.btsrodv
binary
MD5: db836392972d54000e811198f20f3796
SHA256: d1deae6a1d6a97d1b1f4687780361d15d3e03e26566ecc2ffcdd2498dd5014d1
2568
file.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url.btsrodv
binary
MD5: d37de7ab5b3d01c17ac78f711a26618c
SHA256: 114138cdb525ed096e93f5cc1ef1b1912cd23fbdb652e57f6ac8a18d0a272e54
2568
file.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url.btsrodv
binary
MD5: 72bd011db73e42bb6f9410220ac3a5f5
SHA256: 0f7431afc5329a1bcba8477fcc547726c896ca0c91798f27ea089dac23aed358
2568
file.exe
C:\Users\Administrator\Favorites\Windows Live\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url.btsrodv
binary
MD5: 7422595fccd15bd99562121328d3b8f0
SHA256: adf95114ee675474cba7a21bfc325a5c0c78e89fb74b6e1ea9190e3646267701
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url.btsrodv
binary
MD5: 82b4c5eb758af208e02ad6e67b3d8f6a
SHA256: 5577a6ce5cbc4b4f6e06f2757adc99e1ca4962cdf186abc9c38eaa96201adf73
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url.btsrodv
fli
MD5: 685de9b22fe0351c14ec1af19b86f828
SHA256: 266ac67485762dc746e74f755034054a639bb9b1ca53a25e9791f2885f478a22
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url.btsrodv
binary
MD5: c408c553b6d36d5dd88e285152776417
SHA256: 2ec7f201acbeb5b91ff602790ecc6e0c3e7876b8ae40938168baf97d71d085f1
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url.btsrodv
binary
MD5: f7a9493afe3713406e20b3336541cdab
SHA256: f0711233ecbcb8bf206a465558fdde12be050d1f5643da5e1d17b6801de8044f
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\MSN Websites\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url.btsrodv
binary
MD5: a4aa2f625c2105cbcc4c07374c6ab3c1
SHA256: a52c721cddbf93e3ff4f0f3f385cefe0977983e177e341729436674083a19a09
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url.btsrodv
binary
MD5: 0c2f8b6249f468f9bfb81749b8d7cd51
SHA256: 6ccd082509d78b9e3d9f74dc5998fe563ba5d8806d7f106a593c44c30dd2b638
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url.btsrodv
binary
MD5: d15d47c4c25a4876c2b480a530354613
SHA256: a9d646103e0968b0da00965b16d73044a775442d68baccd8f0727c510ab9b7f3
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url.btsrodv
binary
MD5: f82684cf83489f96270809e1c763cc8f
SHA256: e0867847657d19b02c725bca4a20b79e501b4ace95788d22deffede45c868aed
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url.btsrodv
binary
MD5: f425533cefdef285c93f2cd3fec1e694
SHA256: c27876cdb547f9270d40e8ea47f46c530d6adc2722e92b40d0e35dc5bc4b5d67
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url.btsrodv
binary
MD5: 87022b0a94d591115727d253799f52c9
SHA256: 78abb68544adf6f296fc71d910341972522535eb8fc397b827200fe3892cb68d
2568
file.exe
C:\Users\Administrator\Favorites\Microsoft Websites\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url.btsrodv
binary
MD5: 38efa26590f526ef0c9cd93f61f6b0f8
SHA256: c3a2553d45aa4d9f7fb4cb14377872b89af70eccd93abe2a6fd63bcb01fc9c6d
2568
file.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url.btsrodv
binary
MD5: 9042ef62d411c7c3790186002c1a2a46
SHA256: c9d2692d8350ad358f17ac73cae5af0008aac0c26c49c5a4d75cec1539cf1160
2568
file.exe
C:\Users\Administrator\Favorites\Links for United States\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\Desktop\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Favorites\Links\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Videos\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Favorites\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Downloads\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Music\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Documents\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Pictures\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Contacts\Administrator.contact.btsrodv
binary
MD5: 936b3d871a6356083fd60afd1710253d
SHA256: fb2224527fe785a5287f181d42edb756a527bb81405237a316861b505b1963fb
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\Contacts\Administrator.contact
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred.btsrodv
binary
MD5: b2710163fdde7a57dbeefdfbb8957d31
SHA256: d96365d605e3abe50db6e1dca611870be7e2bfd071a6345cf5a3c82f12892143
2568
file.exe
C:\Users\Administrator\Contacts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156.btsrodv
binary
MD5: aad4b7b032f16d3819e90cd1677c6f69
SHA256: 92b181afdde6103bf869fa4c112e87c4804869b28b8e0f7d9a3103b4fc4de929
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST.btsrodv
binary
MD5: 8e2092465b2be715b6b9409178e84073
SHA256: ddf6615d300d41318e44ffe92f5cb6dccc3cc18664fb2ba84c6bb153b1d51fbb
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Media Center Programs\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Temp\WPDNSE\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log.btsrodv
binary
MD5: 556673426409b588dc1916046785ed55
SHA256: 7fce1ddb3260f246ef82d83d04aa7f482537aef7c5fca35b72d3bcd027a895ba
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Identities\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Roaming\Identities\{BA2162A3-2F32-4850-8D8C-B3C9A2AA9D43}\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\LocalLow\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Temp\Low\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp.btsrodv
binary
MD5: 1b3fd61b4f28906aa216a5f8a9f05947
SHA256: 23567bc8da478810281664f721aaeaa5f5a2f77dd2edc0e0aabbf07318a59842
2568
file.exe
C:\Users\Administrator\AppData\Local\Temp\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.btsrodv
binary
MD5: f0965058bdfbdec3ff6401f28474e01d
SHA256: 829a1d2fc3f0c03c32e14e32c1951a88f86902a3dbf04c336a531091ba8158b8
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.btsrodv
binary
MD5: 3ccda85525f345caccd6d359fe8dbb6c
SHA256: 9abc189128bf0fdb5aabb8bb5b4a88728eedd037ef69ed1a5d98d8980f44082b
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.btsrodv
binary
MD5: fc577c4889581a7e8e88d2cfd0c5e357
SHA256: 67c48273f9de78245aaabba4fcb98f7533d1801144b45d1bd9f31bc7260eeb79
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.btsrodv
gpg
MD5: 67ef735f89b9c1ec556582c353b96aec
SHA256: d99d1c7f4048629b1714a7303268dd489c09839f5055ebb2b3c97b1e166bd693
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.btsrodv
binary
MD5: de1e6fb79d0cbd0588f760020989c756
SHA256: 668ae8f1638d244c7961e0820736e704bb68c839b0dd08943ca3ae53bb095116
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.btsrodv
binary
MD5: ebfda17a8c5b3116c52276f832c07f7b
SHA256: 4f54faa33c85c4d8dc8af5526cb7835fe11ec2d1df20ba525033e58f6dfc8a45
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.btsrodv
binary
MD5: a7d1be3a3d878bb3cae4bbde87cdf131
SHA256: 1c67571ac69dcd01efabf9c819b36e904da1a1bce49600849f4e991598238266
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf.btsrodv
binary
MD5: 551177114be8c3e2e58ca950d18c11e3
SHA256: 83d88ced4b53da9b934ea0bee1aa7ea0719433f91fa85338d2e13d6412eda1b4
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif.btsrodv
binary
MD5: a16a2fa4e545c974a4c3a3cf44bd5ca2
SHA256: 8167a8e071318ce22c7b75098142f81a31a6c038905f1e7e79a7ee28bcbd217d
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.btsrodv
binary
MD5: b585cabf7b51041f8d17e6ff6475acf9
SHA256: bcb692ac931fb014a7bcd5d88338b72be7c37b71065fca2105354e84cfc99935
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.btsrodv
binary
MD5: 30f43cb13d924a79a0fcae1520665d70
SHA256: 737f38e873bd992d8cab7a80ed9327304d8d042753367b81c90cd42a92a9aa04
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.btsrodv
binary
MD5: 9d3c978514998cdbdb1aa0adc47f25af
SHA256: 59ea9bdb19659d23349691d5bae0a5cc0f6a028dd7e84eded067728ca4e88ee3
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.btsrodv
binary
MD5: e72c7bad2ab6eeb74c16a9091608b6f5
SHA256: 5b728a7ef59082e4f601b5abdee5ff9d3e21130c8337ada44f336d06100c6a53
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.btsrodv
binary
MD5: 76deb867943f14bf166a61e86a2f5a4b
SHA256: 89a7cab828d7196376152ab268022d96b0b8af9a69ba9f9750552a8184f34086
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.btsrodv
binary
MD5: 29b3a731a9942623606ad25857ee2f28
SHA256: e316dbf585be0d536eab64f4d314eb033a0c645be92e22b6caad67d3998371a2
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.btsrodv
binary
MD5: 40d91bf440db69763a546ffc44becae1
SHA256: 80e71bf69d1a1abd6a144d26fc4fb51524ac20e7729c8d1145567aa00c3a1d75
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf.btsrodv
binary
MD5: ba5a91f7151fe26da79e9d9620e7fb28
SHA256: af4ce1550c0b089547759c9efb72e9c6f4e068988d6683dd05839773a4be78cc
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.btsrodv
binary
MD5: 3e94345aeb0ec17798253d75b0b4350d
SHA256: f7fe450e331c2f9832e966e045ccae0eb9a9666775a59609a616592a18112e9f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf.btsrodv
binary
MD5: e1475c67492b6c0df93ceb2d557271b3
SHA256: e21bcfd16078e1a0a6d3548a914bdd67f3e09e81e275af2eb238c604bb70437f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.btsrodv
binary
MD5: 0bc11ff51e1fd6c48f4a0081ff172c87
SHA256: a99da4cf1470acdb323deb223d2acfa4238bab86fc9244f0dde6a21ed7f36d81
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg.btsrodv
binary
MD5: 5dff68eb8c5283ff8db90c6c93f85741
SHA256: 4e976a87111df31a78c848e13baf8952d1090f94ad2db6b56f690e81f7644ad3
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.btsrodv
binary
MD5: 44c659017839a694efb12d7943015528
SHA256: ed15e80592f52fcf1f9a6ee3b6b0f55cfe6e9cea3c875898f2a96bef7940e9b5
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.btsrodv
binary
MD5: 62a28af653bf88ce7fb6a7b464004eec
SHA256: de693e8fe0fdf77143466064181fd88f43e759bb0dd0ddd8fe57f36ce9aaa2c6
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg.btsrodv
binary
MD5: c31b3e229758bac030e59e36d4292722
SHA256: c5f067030dbdfc7f2a7bdf00a3882a1930c97f49b8bbf47caf45474c57e621ad
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.btsrodv
binary
MD5: e0f727cac444511af0de8ef53fd86bb5
SHA256: 4cd0a0833191b6a1d4be3f24b2345889b64926e39ff1ee45a3fc1e35298444ad
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.btsrodv
binary
MD5: 752a7b76ee28bc858364e0003dcaf413
SHA256: b25b8c9bab31f22fcacde8888bac236a24d9f99691db80d2f992e6cb42ea38f2
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.btsrodv
binary
MD5: 35fa277b3b513e41ea2ae379156b3435
SHA256: 9877eb462d0f3fa216af001d2b8a2d10c6c3f08757c3f528294f93fe44b385df
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.btsrodv
ini
MD5: 3def4d5ca2f2c5dc585b9b0eb47f21f1
SHA256: 5ca22c606e7eb7b62a6c87ab71c99431b70195f7ac5431e15b8034a2c94cac37
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.btsrodv
binary
MD5: d6476091e0653d197f9d17b12a9613c9
SHA256: e4686384a67261aae7057b61fc7df935cf4f804d93d98d918f6fed8435b96a68
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.btsrodv
binary
MD5: 25fe749a0c63ca739b18c12fa38d3292
SHA256: 58ddf24dcccd7f4d7820e0f1dfef04dd7814251355025d461622c43e0c492bb5
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg.btsrodv
binary
MD5: 0183225eaccf04aaca363079e7a6aac3
SHA256: e4e62cdf1171e6f29f50cbaf4293cab87b1b6cbd97f6dd3d712004a4819fba58
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf.btsrodv
binary
MD5: c730f71b55714436499030222cf476c6
SHA256: c4987480d0daf03f884f8bb5a12afc7a2e6e032b3349b8d62363d9ad0460f156
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf.btsrodv
binary
MD5: 7d7e8a881c9e30c53a7eaf11f5cd0dc0
SHA256: 1fd3c65f20b68967c1d2b3a35ec6cc5f743c309493b36b05e9c48a7b465ac3ca
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg.btsrodv
pgc
MD5: bd867e906661663a80787e3ac787e846
SHA256: a7a68718d03eeaf9365f02d45374d7d28b4f66e11f0b59fa3aafdb828b98cd34
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf.btsrodv
binary
MD5: 819a309c77d0917361f6a7591a9b9d52
SHA256: a88b0d790ee273a7658ea2c9214f984253ce190549298736c847acbcd866368e
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.btsrodv
binary
MD5: 3330ab9ce831c5d3c297dbb7b14d0f61
SHA256: e9c627b268338eb34d85e529dd4ef65297440a725911e6ef72273666d6b3145b
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.btsrodv
binary
MD5: 65354f63034aaba3e0d535713e5d5af1
SHA256: b90290fdc133cf8b57ccdd3e054f345c1d36e015beac6a11df3c6388fb50442c
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf.btsrodv
binary
MD5: 7f00d17f5e339931568b4bf1fed7b2a7
SHA256: 0168c680bc7ce581940a06d154b3d7cb469dadc66d946ff57c170581ba178103
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf.btsrodv
binary
MD5: b5ada6191a948e1a4c76a4d4c6e4c5cc
SHA256: bf643c51cbf12107fa2a44699fcf465de5258e5a1c4b23881f7574bda412bb26
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.btsrodv
binary
MD5: 2471e1579fc6b048e2bc9f5b52228b72
SHA256: 9524d9446522e0e3f008a4869948028589e987f2f7ce89e63b283f7eb423cba4
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.btsrodv
binary
MD5: dde395a0994a3bf79eaf0de9f3323f66
SHA256: d4049babff3cf011a1c2b23226df374a7ba0db92cf7b7d4e1d04d106c8b36c6a
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf.btsrodv
binary
MD5: 0cc0ef4a5f2dc9a48767718062cf5d8c
SHA256: 5556657ea7b42b7bbbad959a22d00d556ffc324e391699de296bc9db2b1653d1
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf.btsrodv
binary
MD5: 62c3cec12f85271276cb9d7705f13fde
SHA256: c5ba4381221c0c375aeb6419dabd6ccd2a0725022f451d9ab83e81ca3f875761
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf.btsrodv
binary
MD5: 972be7ca74ee1c7aca469a3436cf6d7e
SHA256: 608d673490a70e42f61fa27fbacc13b996fd2cde500ceb28022bc0b752a6da11
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.btsrodv
binary
MD5: 3fdbbb3a932f448326fae67484e8b03e
SHA256: 90cb99840401d37462c288e647acf2725f6c4774581b7496cec9def8c4a3a280
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.btsrodv
binary
MD5: bc20206833453970c05a14d7bc04fa5b
SHA256: 286e3dc13879f8ab56cfd716685eb1192afbffeaa87e26f86c62c5d66bdfb825
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf.btsrodv
binary
MD5: c64c0d03d618e35ab53ea457be012215
SHA256: 65598c97ec08165f00c64d3a8f3bcca231397f4ec3b429b42039e906e8836b48
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif.btsrodv
binary
MD5: 4e8ad44f09e4847bb89fef25d19e9d7c
SHA256: a0554be04b4a9cea2cc400542ad3b7a523608c15ba6ef9390116a01fc48f9897
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif.btsrodv
binary
MD5: 335a0a1168a16316b128d3e339eec1d3
SHA256: 16cc8a722a98fa2cc10c8105a2612b97831dbe5e058b34b85da71ef78fe81d50
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg.btsrodv
binary
MD5: 877b519ea45ea870c7f2916d2cd9a417
SHA256: 396f44c3037222963400543e9e317832d5eb8836c52bf51ff275fa604f342956
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.btsrodv
binary
MD5: 33fd28e184fb803f0e960456c48cc8a7
SHA256: 3949001b43e26762480455faeee0c3fd89f7f6cfe26bfb1f7f3430dfc1507cb3
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.btsrodv
binary
MD5: 1d66d5cf207fb1dd7d32a694846daabb
SHA256: 8974b582685194dcca7190d3647890906bccea037aadcacb6a7ce29dab12c7c6
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml.btsrodv
binary
MD5: d9499d824d73761624b1ff9aa95c7130
SHA256: edc7031e683b3f668c27ebc28bf00694682554224e1623a4c8de0945846c79fd
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.btsrodv
mp3
MD5: fda48daa6b5feb0ed95c0cf11ad1894d
SHA256: bd44ee37f1c1ca0f9e3db1d11e1a5792a2f7e6cee4d6ba4e3079b4a5d0eba59c
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.btsrodv
binary
MD5: c1da541d9a9a176d5cefe223f4ee65a6
SHA256: 09d238faf19418f38611778a153903a967eee212632de025f8955686a4c53805
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log.btsrodv
binary
MD5: 5a4e0c1d27f1f6d1e1a2d417942142d5
SHA256: 022f1fdbcbc65d7efc44f4cd0f1cb8b006d32ce1ae54eb3d090761deffe02373
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log.btsrodv
binary
MD5: b570789b3d2618c162b3b7d6b1380993
SHA256: 9a64389320a14033856ef5817fbf8330164016d23bee298ee5f646ae4ce7b40a
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk.btsrodv
binary
MD5: 682800fccbe3aa1fc0911ac7f85e8591
SHA256: 2b79f99571386d8c9d884e319c88fce3ae5a17eee34c94a2f795db5fe17a11ca
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.btsrodv
binary
MD5: 8008f963fcb60802b81cdcdef48dd609
SHA256: 893d4a6076ad6b1b923c4f7830cc5b9535bfcdf5ca174c6177a8c2fa67b1df69
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.btsrodv
binary
MD5: c5e8cacf3c1bc7a93afd9f4278597bee
SHA256: f5cb114debbd1c937cd6bd50ee653af22314db8b9727eef9e3b54cf7cd6de29f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.btsrodv
binary
MD5: 1891893895ed72595fe7c6f80677d712
SHA256: a4b28ed531497610b58366ee260381f1ae8e0d9536641baa21d1a17f6849f2d8
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount.btsrodv
binary
MD5: 9f044202b0c10d46e63c3f906acae0dc
SHA256: 510feabbb037363edb2522ecf626cb9583cd1ac2b7af1c14d33711bfa948b15c
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount.btsrodv
binary
MD5: dd930a294ece4c13259227c3bb9d6dd3
SHA256: 0311baa9e538546f27132522d8df00a2dc12379610ea07a4f3f02c99dc8787a1
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount.btsrodv
binary
MD5: 18915b9d797a59218dc245186e16bea4
SHA256: c5c8e2c8aaf174987fc552626db250c5bf55f80798f5af417ec2cdf73399c95a
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl.btsrodv
pgc
MD5: 3b4247911b38ad2b3c52953f09bd341d
SHA256: 0f01b36cb24d841c36932dcec5f43a949fe7eaa07d99e35cdb7cb0bc7b40b4ff
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl.btsrodv
binary
MD5: 99ae17c1e619aa712ab437a51451620d
SHA256: 08f1217506273d24751d9607bc0e5ae1072db672494ad28e961d7062c519eae1
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl.btsrodv
binary
MD5: cfc1f887e7230854c19cc5085511e2c0
SHA256: 025f190fa5d3075c0dbc19afa3c7418a846ffd6682a1f47f7663eb95ecb3bbb0
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl.btsrodv
binary
MD5: dd82cd242875af19461ed7a1b3904b64
SHA256: e71e6709d30aa0319b37d09f49f87de887ec1d526ca86aee0f0badc5ff4cd49b
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl.btsrodv
binary
MD5: 39f539ff3510e973b69d67359d18ac18
SHA256: 41fa5fa87a4709a602b143255eb4658c5c0ac8a396076045dbc98858407f5e5c
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl.btsrodv
binary
MD5: 4a81d2492644dfd5f61c5549a80e3c91
SHA256: 30404ff2b0d2454ae4f069fe59bfb2ee5acfdaeae31572f01ba52a41644f181d
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl.btsrodv
binary
MD5: fe6cfd834be4a9a2d1993f7e76ceafd1
SHA256: 7aeb959fc01cbdc5da6b3eab9ed7dafcef8ba80e6051d2395301a7a4cdef2a29
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl.btsrodv
binary
MD5: c43a45c8f8e9d3db6e2e761ade07ef9a
SHA256: dd850d287a91657087306f8b0e874d948a57fa27fdfd858c2820ba6c1c8e4222
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl.btsrodv
binary
MD5: 3962db2cdd569c105e2fb57ba42d0a40
SHA256: 24498b2c9eeb48814fb4376bf0d25c13fb387315aff29d719293053bec1a94f8
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl.btsrodv
binary
MD5: 83d4294f34bc27c2ab58de9457e0363f
SHA256: b767749a3b5d5b13f3b5f1c7d702f6e56c03a142304863bac12e40899befb92f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl.btsrodv
binary
MD5: 6e2fc9e365be0c5f9b887663f529cf8f
SHA256: eef47cf6098fff39a4e70a0fb4ce4e8f177d13f2e9b60372be2658cc9315dfc8
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl.btsrodv
binary
MD5: 60d7b9a80235472c0ba2f216fcdcf849
SHA256: f84814e5f99329f0533d347dad2fb5f51a23f1262fc36adc758dee5ab3bb408f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.btsrodv
binary
MD5: 891576cd10d6c64be0da33e1154204fe
SHA256: 659ac09d13e743a9f6fde1dbf7ec1d1c44b6b862ec6e7ba50348f69d5b06d2cd
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.btsrodv
binary
MD5: e11a14888e15aba020908dbdfd907752
SHA256: 33e5e023b2db77b4a80d004094e9a54c666c036d06531b7bca2061aaec23d2fe
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.btsrodv
binary
MD5: 543754e2ffe4dd72f291890c1b1b36bf
SHA256: 2031251f5b5b68ae19ab9adfe9a6354ebc6237939d901b0ce774f55184be9e8d
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\VM3JD5NM\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat.btsrodv
binary
MD5: d525b31e1f4c7836a2ffa10d2fe858dc
SHA256: 1bfaf48af992e29609b1144459847a2b982918b044f0643b005117edf08d1e43
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\HPSK10OB\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\G4PHTCUR\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.btsrodv
binary
MD5: 1f8b67106ce559c0a60d999a4cf8ca2b
SHA256: 92fa192f81ef4ed08247cc94965bb3efd843018550f1e464bc17da842d5d5fdf
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\9RI45C46\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.btsrodv
binary
MD5: 729d35715e28c753f0ce455c6aaedce1
SHA256: 483b755f5e336512d622f91d8dafb48c5583e5d3df54f0d68b79dc0eea59cb83
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.btsrodv
binary
MD5: 75ab157b15bdbb1d1e97e02641290e02
SHA256: fa835be298c10c44c38f25a80760493cdbc267ecf7d139028e3401539ebe01bc
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.btsrodv
binary
MD5: e26dc56809a12b7c0b8a77473b48aae4
SHA256: 6c9ce0491d40b3064aa8ebb4eb152f2e44ca6a61665f90a7a0802024a5d5ed3b
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms.btsrodv
binary
MD5: 06d4b04d2179477539dc4c56b54ff9bd
SHA256: fee5157cfafc2ac163b01cbcdd26ca3a1caf53d701eb6c060bd8a52280956484
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.btsrodv
binary
MD5: 8f31560e7e9fffd888abc65b421f80b7
SHA256: f302bba5c4411fe3890bb31ecab790b25bdf9a75f8231456d5ebe5e2b4cf017f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms.btsrodv
binary
MD5: 6a267fdc0cccb084a4a41da84e1ef6c5
SHA256: feaafec421b9a3055ee4ee452cfab7f3fc23e2c451e2dd4d51011aa16d7fa799
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Administrator\AppData\Local\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Credentials\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.btsrodv
binary
MD5: e1b4a5be40fd8d5dc6126ac4868b3c49
SHA256: c90b166f0486e6d7557b45c1e9a3a81aa26aeb95a2390adbfc826861be9e7c15
2568
file.exe
C:\Users\Administrator\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.btsrodv
binary
MD5: 0254e88683c4aeb29cdf505a9b626e69
SHA256: d5e4da7999f9aa37dfafa5dacbe51a11eede93ba74ffd3ded7de43d3d9e2f1d5
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Saved Games\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Searches\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Pictures\stateplaying.jpg.btsrodv
binary
MD5: 82f57f2358f43417ca4a26bceded7064
SHA256: 5cc3face5635098fb9c71c250f71919693a05b0ae49e773ca1ea49681823b69e
2568
file.exe
C:\Users\admin\Pictures\wedestablished.png.btsrodv
binary
MD5: 7cea1e1a39ec5f3746318b67df2d290a
SHA256: 5f54aa4bd9cf731bdefd8278e7a7e24fe303fad4525311da71a41bf0b84ccea7
2568
file.exe
C:\Users\admin\Pictures\themfall.png.btsrodv
binary
MD5: d0ce589c00cc97f9931f880385f38c9b
SHA256: 30285ae6b499eb1259e6eb3e7f4ccda6fdd1b90c8d6e5ea3c58c3f8a56c420f1
2568
file.exe
C:\Users\admin\Pictures\wedestablished.png
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Pictures\themfall.png
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Pictures\stateplaying.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Pictures\longeritems.png.btsrodv
binary
MD5: 4b5471428534c1b7c598e6c247923286
SHA256: a1de1f0eeb95a2d448fa77d6e865b1c7a5969e703d2a71dddc28e5e6bae854fe
2568
file.exe
C:\Users\admin\Pictures\industrialw.png.btsrodv
binary
MD5: e7ce99c40ca1a4bc4b4f4c6afa45a39c
SHA256: 18c2f89073beaf7afcc3472d21d67fe46dc40fd4174908aff19c1de2a7554af0
2568
file.exe
C:\Users\admin\Pictures\industrialw.png
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Pictures\longeritems.png
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\ntuser.ini.btsrodv
binary
MD5: 239e53450135c0825df8634569c1346a
SHA256: edf2aace567e8bc0340df61ec3f0a1631fbfc4fa78c567d155c172ea064141a3
2568
file.exe
C:\Users\admin\Pictures\floorreturns.png.btsrodv
binary
MD5: 6f4b69e5a6dd4acfad0ab4680dd36385
SHA256: 4a66c0b16c6cdb82470470873a9d6b36969e60509193773ed44a0c4a66c2287e
2568
file.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Pictures\floorreturns.png
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.btsrodv
binary
MD5: de223af446df2f5eac1b1c2f70f6c489
SHA256: d505f261fd822f1ac11cb8fb76329651011b8bc7a26bb1b845826f9885204c29
2568
file.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.btsrodv
binary
MD5: 5dd0fc734b06480a6283c1dc2d66d569
SHA256: a38009a6b6637c9ffb366938db811a082f72cd32653563d7a0f5cecd2af79881
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Links\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.btsrodv
binary
MD5: 6971149e213c7f55035915ee4ed2ccef
SHA256: 04c8378e4d2c138aa2e11f83b02ba716f24c8a50f4ad385fb7ec6d13134ed373
2568
file.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.btsrodv
binary
MD5: 82c9e6fec04e9ff30f2aed85a0b153d5
SHA256: 48c3e708edb56a0cbe9849701b9ecc1e6ecc0de67d4079b4b35ca573841f08de
2568
file.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Windows Live\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.btsrodv
binary
MD5: 5d4a9c106e7ce75da8c645b09c52c57b
SHA256: 21c8322a2f671a6b9bc0c9c779d2d7f6c1bf2efb8e9054c943530f1a4810447b
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.btsrodv
binary
MD5: 1142dd03b3ab47290ee4ff8dfcc232a4
SHA256: 60e80a5456e221cc8f5ac520214e759c422f06166a39431a7d0743cd7f045656
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.btsrodv
binary
MD5: 37377c9865ffdef644c58a0ce64bd630
SHA256: 4754d9494151641218c5b117188f35be86577538bdeb23b65b44c0c3142584c6
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.btsrodv
binary
MD5: 4e54ab6c0ba8d3480b63dd46885ce8bc
SHA256: 6673dcf1ee6a76945b9f33c77b56470781b473028581e72c1b4c5360d6e47eae
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.btsrodv
ini
MD5: 1dfd4d8622a97c1a9682f573f3aaffbd
SHA256: d58e6bcb5d4d8cd4404b9f283b4c4678d5027132a739c49649ba106317a94ab5
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.btsrodv
binary
MD5: 9505d997b1f6c050934b82e773e6288e
SHA256: 404cc3dd84a4d85f437126482e45888e80ed6b34b2d80b97f6670a0489f715c8
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.btsrodv
binary
MD5: 9730853980305f67e4360c7e94effb3b
SHA256: a308bd5c83ea0e7072d1a626a339a97a63b350821d0ee6cde7336f01bbbd2449
2568
file.exe
C:\Users\admin\Favorites\MSN Websites\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.btsrodv
binary
MD5: 7651c676ea8f6d0e913ad296c0d5c2c2
SHA256: 7e054726722617ce9cc83f926f1aa83c14501e0ef15bcd59f50f4ad47270ce4e
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.btsrodv
binary
MD5: f76e6c6d2cc4e42ef0fc935bf161c5a3
SHA256: ef40db13e199e3e5ec95f9191854eb2c53ad4cca00244a7b8444cca8b3583d3b
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.btsrodv
binary
MD5: 159c4a7e1f0240d735dd7c39c4b46605
SHA256: 881d582b587384803fdd925c62c168abf19e48b45793a76d984eff503a9c827b
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.btsrodv
binary
MD5: 10c933cf9870cac7b7054c71caafb067
SHA256: 822b4d97af073b8f931dfdb2a78a71957f812baa51d658065b877b8f8bb61fce
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.btsrodv
binary
MD5: 213a31eedb214e02b2aeeaa001a0eeb9
SHA256: e06c9647141f92b7a7024de6e571f68b806745c08ffe71744f158e750320a080
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Links for United States\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.btsrodv
binary
MD5: bb37e95c40141c2ccb8e4f647a27aa9a
SHA256: 921e8f348d1fa1602d4c59ac7a90b72fe5dee5e31d1fab594f749fc77d5f14a0
2568
file.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.btsrodv
binary
MD5: dac31e88d2e60094c859e7fdc8820f51
SHA256: 4f24e1395f90d05515194e55549aae7d01aa92369ffe45d63baa8caf7bd333ef
2568
file.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.btsrodv
binary
MD5: a46ddadfc284bc77e38578473e4382c3
SHA256: 86a5222bad6422443fa491f757c092522adfef608cd6c15bc21cb52992d153f8
2568
file.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Downloads\streetplayers.png.btsrodv
binary
MD5: 25c3718d7e967139a6c06480131b0fd0
SHA256: 76901993181290e3398e8732a670ee1fc30472ee94cdf4f783bd7c35557ca158
2568
file.exe
C:\Users\admin\Favorites\Links\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Favorites\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Downloads\linuxtrip.jpg.btsrodv
binary
MD5: 7d8f609d0521cd0e00c191dbef6a5e8f
SHA256: ae9c61879e15b7dda53cd8da5164aa2a1da073a6e4e6155aa7cdd84027a66399
2568
file.exe
C:\Users\admin\Downloads\streetplayers.png
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Downloads\linuxtrip.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\photocreated.rtf.btsrodv
binary
MD5: b7622338614b9fa61dcc18babdc6ff99
SHA256: 8e030d6972c62c0beae9b45ae15f1dbe6da611d5dd5e9059eb88cd1da49fef71
2568
file.exe
C:\Users\admin\Downloads\housecenter.jpg.btsrodv
binary
MD5: 2817d45618821de71a80b30825d7ca36
SHA256: 606560c14992a3140f5e3464e0ae2ac49acc62c7833ceae2ca259074631500fa
2568
file.exe
C:\Users\admin\Downloads\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Downloads\housecenter.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.btsrodv
binary
MD5: d1193e5a6a41c780f3d349dae35e5e2d
SHA256: ab30c543f3cda2154788026ff87fd4aed006cfe560e319bef3b9cdd7068fbca0
2568
file.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.btsrodv
binary
MD5: a5c106a6f1a4e0570d4ad23379003cba
SHA256: 4d835ea08c7a4c9cc6b17e7ebf224d896df0125e6636763aaead1c7668231777
2568
file.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\photocreated.rtf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.btsrodv
binary
MD5: 7767ca640aa1251c2be79ed89912f31b
SHA256: 6635c0c0e6a7bd80161e5eca9943aaf86a11405441d4490a6dc173c5fb77ca4b
2568
file.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.btsrodv
binary
MD5: c5e953371106887fdde67b4775253e55
SHA256: ec33d438d3995b18f614eb4fad605cd6e7219eb58c319f2e816fd3e1a43b6d8e
2568
file.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: eb0d45104b764b4db78a883602fde56e
SHA256: 1a383a2b4e71e1af07637ac38c447b3d3f3b11af9dc0675852e72ace31f516fe
2568
file.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\Outlook Files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.btsrodv
binary
MD5: d5eeee0525421e00d05c8ef7679afd47
SHA256: 5ea40ae8d4cec0b76202029b069b51d5974ea696283cf63bdb2f2ec667ecd067
2568
file.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.btsrodv
binary
MD5: 17ffd9ca0741ed8a1c77eaecc78c7a9e
SHA256: bdcfeb40c46b604016f464283bc964dd210fe9341efc8fbaaf1ea393a88820e1
2568
file.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.btsrodv
vc
MD5: 947d3a43062b2b9e9f8dfd00194563bb
SHA256: 7a8603bedaf131a3f747efa31d2522ef3633d0659dcea98785471a703c8a4b8d
2568
file.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Documents\OneNote Notebooks\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Videos\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Music\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Documents\artcharles.rtf.btsrodv
binary
MD5: c771807e6f40b03ed4276597adff38b8
SHA256: 6f40d04c49e049adbdd4289572d240661b413ae4c0be5c64958ea9b1446edfc5
2568
file.exe
C:\Users\admin\Documents\chatrepublic.rtf.btsrodv
binary
MD5: be3f6bcd3c887d7b75bf0c7651099e66
SHA256: 4e637da56a7eb86f55218416b914ce2f15e04e0384ff399c0b20d8282da09bdd
2568
file.exe
C:\Users\admin\Pictures\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Documents\chatrepublic.rtf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\weeksinstead.rtf.btsrodv
binary
MD5: 48b24e586545636f43c939099a5fab27
SHA256: 0d9853c76d435b5f78eb6166f6a3779ac4469540a18e74556e2a790bfe7e7684
2568
file.exe
C:\Users\admin\Desktop\thereforechristmas.png.btsrodv
binary
MD5: ca951dbe20dcea9cd549c1d0b4e7c9fc
SHA256: 3b2f9ee19e9a908886cce571018bc4cae311fd8b879500e901ab5f169185b140
2568
file.exe
C:\Users\admin\Documents\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Desktop\weeksinstead.rtf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Documents\artcharles.rtf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\thereforechristmas.png
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\speciessector.jpg.btsrodv
binary
MD5: 7a3ab5c31449371a317bce2906fb804d
SHA256: 439fd84413fe4ce1e45ad687cabc51d453888fe2860ebb5f1f65e50e9469e441
2568
file.exe
C:\Users\admin\Desktop\teacherplant.rtf.btsrodv
binary
MD5: c9d9427aced581d721d68bf4880f5941
SHA256: f55fdf6285b666f5a14276a0cb385e524cddf8fb2aac8795a834218bbbb8083a
2568
file.exe
C:\Users\admin\Desktop\speciessector.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\teacherplant.rtf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\shippingtickets.png.btsrodv
binary
MD5: 1251a13164665ce19be3533c54487b52
SHA256: fa6b539ad90269b95630ea1fbab226dd57aeb02ad7a67e912d587ca5140d0818
2568
file.exe
C:\Users\admin\Desktop\reservedlink.rtf.btsrodv
binary
MD5: ebda30dc68e022b6370bc9115a8cdb7f
SHA256: cc1430d6df5fc32692d14eeeb447250e5feb297d8917e24d8441554a06c5adbe
2568
file.exe
C:\Users\admin\Desktop\resultstalk.rtf.btsrodv
binary
MD5: a92b101f24c72db14307bac64e592474
SHA256: ef782f7f2b13c4a30a498a11fdb9869983385937a597121255437beeeb9b384f
2568
file.exe
C:\Users\admin\Desktop\modelspaul.rtf.btsrodv
binary
MD5: 95ffade82a0b52b721ebcf8ea76da929
SHA256: 5251fc2cc5d5d166fed2becff0b1c676d1408e4b9911e76a86b2e6cf7e9a176c
2568
file.exe
C:\Users\admin\Desktop\shippingtickets.png
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\resultstalk.rtf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\reservedlink.rtf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\coveragefood.jpg.btsrodv
binary
MD5: b01fd3e1499bbfff352fb3c9c3939d2a
SHA256: 07fb807677b07d09d0bc026979c7e723fa29c4ac0012f70ce96b7185f6739ba5
2568
file.exe
C:\Users\admin\Desktop\buttonannouncements.rtf.btsrodv
binary
MD5: ae052147afe23d8f24b911561ceb7b2e
SHA256: 640fd7261214ed3e0a33e45d7890e93e9f40e10eb82f40e9dd6a98e4a065aff6
2568
file.exe
C:\Users\admin\Desktop\modelspaul.rtf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\coveragefood.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\buttonannouncements.rtf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\babyiraq.rtf.btsrodv
binary
MD5: dfc509c03f64c26b4b86a2006cd9e428
SHA256: 4c46c7d2b497a8c9b4c0c22b1e528a002ec3634ab6a13e748e9658760b03289f
2568
file.exe
C:\Users\admin\Desktop\biblemedical.jpg.btsrodv
binary
MD5: 28b628566277e6a3af9647deaf48481d
SHA256: 696b3c15379696e4ea23e3aad5ce322626a22d70db1402738891a02101c41e11
2568
file.exe
C:\Users\admin\Desktop\babyiraq.rtf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\biblemedical.jpg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\Desktop\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Contacts\admin.contact.btsrodv
binary
MD5: 33cc04fa2e5e29f0d857a2239983f4cc
SHA256: e40e8931a4410a3838ddd776a5ac8a6201b7840efb8d6a9dab1cda7e56ccfb5d
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\Contacts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.btsrodv
binary
MD5: 816ba47c600fcb1604a434c6a43f55ae
SHA256: d8415a7c16168f8ad2cd42a80043c35d9a8239383b6411cb9218925fcf332e00
2568
file.exe
C:\Users\admin\AppData\Roaming\WinRAR\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.btsrodv
binary
MD5: 0c836e21e37b8a5efbcdb72c6a6bb88f
SHA256: 1a53f1aade5ba78cc2b90f55debc64481a593acb8239d4dba424051fae0428bf
2568
file.exe
C:\Users\admin\AppData\Roaming\Sun\Java\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.btsrodv
binary
MD5: d436696703328571f50c45302772cdcb
SHA256: dbd644c55db1c5494b9b1dbac6af177700985d84baad4bb43e4afe118758727a
2568
file.exe
C:\Users\admin\AppData\Roaming\Sun\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.btsrodv
binary
MD5: 6482fc0221b8b76c38bd2ae5feeec1f3
SHA256: 3ab2d1e230e90d8ae455a71219976ca9c97fd75d8a0666ac079b54b4a661d7f2
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.btsrodv
binary
MD5: eaaffc8cca97259368a7f4a022fb773f
SHA256: 4a206e146346c814c6717abfff4176b2dd1b76024c2b8e648499484fa1646309
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.btsrodv
binary
MD5: 2e7cbd437990f20a5a444f02ecdcc77d
SHA256: 7f73069878eb5d8b74583f7d3158c5b7b78a94ae368350e4bd3af60b414d7a15
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.btsrodv
binary
MD5: 1b54cc28ed84924291feb187f9a07285
SHA256: 505a0ecd5d3ab229d49ffd1da5c8f2a67f175ea14add37effe67d8073263dc3f
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.btsrodv
binary
MD5: 42ed1631f18b4dad104250b90f646764
SHA256: c38cafb6400af9e9efd81403725241735e3280dc04b9d43a7ffc4a30ce98c0fa
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\logs\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.btsrodv
binary
MD5: c029c4f22d27cbd1bfb1356cd2e8c34c
SHA256: 46d1c3df168c7344492f964c2835ee0301447006f5890425c58155042a49ec1e
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.btsrodv
bs
MD5: a73ca8b067e6959534ab0e55f6cc38f2
SHA256: cb1613605fece2cea91bfe2e01ee4c2455a887ef4cea4a6251938ce8f63f98ee
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.btsrodv
flc
MD5: 380a7679b9dd03a436e309462ac9a55a
SHA256: 86343958ae0b8f19916dee73ae040c8427854d43833c9c1398ad1d692252154b
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.btsrodv
binary
MD5: 6792871a7689df0951294297e5dff8c3
SHA256: 1634b02f7aaf4dc9cc30789719f6d15f56f0f5709da31fc4314ec505177690d5
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.btsrodv
binary
MD5: 0dc2acee9ee95a7f01d163152edfff85
SHA256: 568f7b3d83e7ad4ba6c46f74e9cc3d5f6cff49ed9a55f2eafc84d37ebacbf7f2
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.btsrodv
binary
MD5: 84bf303076ece67115309d8bb66c02c0
SHA256: c4b8dc4d643ee20b6989496c2d953cc01baff74ec8ea001d10ac86f610918904
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.btsrodv
binary
MD5: 933e129988912a48505890dde993c9a3
SHA256: 0937c9b28df29430974d4f58271137fe3e3c8598d032877126a5e2dfa043b0ab
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.btsrodv
binary
MD5: a77d07464b35b4e48adee8ec13a32cb8
SHA256: b35d560fce6243705123b0dccc86e46cf523fb07b4d5e0f0f03dc032079421c0
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.btsrodv
bs
MD5: e6cfa17611b8101dca2aada50ca467eb
SHA256: 3d28e724004eed281e98968bf082d00c9189da415d116d083f9008951d04ac28
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.btsrodv
binary
MD5: 243e6dadb33e6dc27e96c5af81432a74
SHA256: 6ed0d5f32901dd3afdf37ede4eef2f5edcd34a6c511218e8bc4cd5660aa234e3
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.btsrodv
binary
MD5: abe365e406ae848db993fbe7882c7109
SHA256: 90d4e99371ddc42aa0786148255c4a460ada55baf19b10ea798dfb6bd2d80d3a
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.btsrodv
binary
MD5: d13ff5bf5942f20f0541bd5b067b0e69
SHA256: 0cddee91dc7ac1b91806e63678dfc930081eab70f04f4a35f72670bad293d0be
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.btsrodv
binary
MD5: f88a3e647a0f4029beda68d62dc002b6
SHA256: c0acaf1c8e9e525ddd080daf291d9cf5c73c09c0b844a418c137e1670059ae7d
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.btsrodv
binary
MD5: abaaee63830aa602e153463536a04c68
SHA256: dd71e97e998e485e17facd3613e917ab682a03f2f2e7201c134b550fd2c029de
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.btsrodv
binary
MD5: e1faff6145443c0741ffcd29b35f071f
SHA256: 2a1bc7438511b53f88949f2d1e487fa6f1b9ff7db99f126b7b43b3c033d4d50a
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.btsrodv
binary
MD5: 13f0914b4f304c01fca77b2d433ca1ac
SHA256: 15a40f7b906aa64071ac3f91de6a3655ff1fa5e74485d950033d8ec4e4c8ee1c
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.btsrodv
binary
MD5: 23882ef0d955fee767c24170fe7ab511
SHA256: 02ba4bce600c6cc07428f8b1910e6d4d516d8abc2a0d603c97338001758d0008
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.btsrodv
binary
MD5: e0ff5339c3783a44c8708c91badf760a
SHA256: 16ec019635ee310af3bd42a266d1b672460d51a2fadd7d6a8483667f7838b6b8
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.btsrodv
binary
MD5: f5b67f315004328a8412353c1814f68e
SHA256: 7343156d1fbb7d0e39efd15bfbce6d4c0f7c76e0add884eb1c6d12d2bdf47f24
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.btsrodv
binary
MD5: a11c3cb02a280d7ba82893f568349aab
SHA256: b8f9489dba92de16ffa2ddc21d48787393e14efde6fd2313bcdbd1ad1f3b9f9c
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.btsrodv
binary
MD5: b0f8719821a94aa137f997b5d418ee15
SHA256: 9f9da993499236d7d95d7a5ab25fb85d2c3d98431ac1ba843236f79b5955fcb0
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.btsrodv
binary
MD5: 944f90f39681df9d1a1f1ab799178663
SHA256: 20bec446387361d3a52e0dd8f390b17fbd95845086570ef6f1d37b55cf3cbdf3
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.btsrodv
binary
MD5: 6db7615f67b3fd5a793ea7e544a4c768
SHA256: 806cc6796d7524503c84c821bc243ee3da6e5d762f4241bbe595c4efa0da1b79
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.btsrodv
binary
MD5: 1f03ef2bfc80fe48d2178c3cd56488c9
SHA256: 39f9a5280f5cec1920a57493fd9058b918ade4db19fa41575140bbbc86956954
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.btsrodv
binary
MD5: e3a86223bdbbdf4eba44d63c2be7ca6a
SHA256: 93ff0ae64e0f618498ad3456d2299d39cb6e5a7f1092e1b85d0f53808cbcea89
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.btsrodv
binary
MD5: dbc3a0b93cdc514c98cd2fd50588a422
SHA256: 8bd0c640bec2955113a60f54cd981917603e0fa065be29c1f808b682076744b6
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.btsrodv
binary
MD5: 89231f2ac8bb16fd594ed9a26d049f5c
SHA256: 308be5c856f3e2337d7bf313ffd96843d96caa34f8790c6466fa572ac951dce3
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.btsrodv
binary
MD5: 61273b2a9f1a22792d36168024a79ad9
SHA256: 3194611607331bbf971a287820efa0c74bc88698ac694303e9bcadacda651f0c
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.btsrodv
binary
MD5: 0b7c06196eebc12f6db76bc7ab195d7f
SHA256: c311191460c581f391e5ded23811de16d77c8399cb6ec83cca0c603daa8d6466
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.btsrodv
binary
MD5: 53b34f548c2fa2cbf3fe8571b87b47f1
SHA256: af069f82e1dc04aceda7527e2e480e5ef05ba4c95d23fef73e2f4d674690540b
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.btsrodv
binary
MD5: 2d2546e4c6d6845d76f8177e76ecd5f5
SHA256: 7454931d3aeff2d267e480a9864b3bd6b9fea576bab26794914d5dc92f3baa7e
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.btsrodv
binary
MD5: bee7f0f982c08a1ec3144a25c8f43647
SHA256: 62878838b2155c4e25853c2aafbe9fa42c3fc4c7d1007873429c8d1db88b3337
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.btsrodv
binary
MD5: 4eb339aa6585204132c800d30c6dafc9
SHA256: dc05426da10045ef04ee8e3d6fb4e3b96bffe83486dacf5fc7fb7e255a52d6fc
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.btsrodv
binary
MD5: f1e9b78c4b5569f01ad3b354449d0134
SHA256: 2a129e6398e3a1fa081a450ae7c9da7c7603aed2c2c52033adf4188584c7f5a9
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml.btsrodv
binary
MD5: 3e9acf8cdd13a0eaa0fb4f7545485649
SHA256: d31f41053f67b8f806be117af4cbc5f783168e73a5002778239e81e7f27fbf53
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml.btsrodv
binary
MD5: abe9b3e07ca53253fc68fb0a2edff99c
SHA256: 747c47b6d851e06585a3f19a43117a974bd2f9bd5e2a33c4a3311ded2fa14afc
2568
file.exe
C:\Users\admin\AppData\Roaming\Opera\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml.btsrodv
binary
MD5: 43159f6ec6c4424021eddb4a274bee13
SHA256: 5150193a09242a6591e26218bb2e1cc1be98022a61d46e049e030717465d0ec4
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml.btsrodv
binary
MD5: c662785b8e4bb0b643e46a7b0c1e8a3f
SHA256: 2f995befeb6605080dc9147cb6c98c66720f6d75d54e6492437e540cc7a62bb2
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.btsrodv
binary
MD5: 19ea24a544fa1f44d515fdc6cb61eedc
SHA256: dd86122a0113f1f0776294adf737a796a9b4b6806cccc2cd64ffd3233384a287
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml.btsrodv
binary
MD5: 4c7e27f108934609306ed867baa6eb50
SHA256: 9fd40a15ab248a1ca74fe0539ac5b6b9e2bd3b96e2af5c8aad25cf4cc556b066
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.btsrodv
binary
MD5: 836e04a6badc202c3ca5d4520cdb2f39
SHA256: 75e49f8e921ea2b2ffe43af104882eb6a59e186a73597405085d401799865d02
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.btsrodv
binary
MD5: d9f0158504cae96ff08425a185080382
SHA256: 3d587144a1c7bbb0ad955b162111a8559b6e825797857b48be0431e786654434
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.btsrodv
binary
MD5: 3778478f76feaf8d8a55c792e4ba1099
SHA256: d221d035021349ff9fc3eeb092e31ec864de21acd1a83aec630642ef8a823198
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.btsrodv
binary
MD5: c34ed76a056922036fe9814a33d66020
SHA256: d9222ab39efc09f23c98fbc124483b9e013961db319e5050940cf66ca05f8014
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.btsrodv
binary
MD5: a331c6da395595e5a65573647652f413
SHA256: 3b1cbf0c8b339a25fef8f81903bf0b03da9561499004a8a49aeb873680294421
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.btsrodv
binary
MD5: 84e2faa15b6db7ec80b6e1d15691fadc
SHA256: 2fff2b5b094c8539365584e6963aa8628c1cde75306122d322b7acdb1a9c2886
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.btsrodv
binary
MD5: ed5c1c9481140d8a26124840f2c5d0fc
SHA256: 0f6300165bff1bbd52342a993d623068707274d4dd399e0a2fc29c5e043ad7a3
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.btsrodv
binary
MD5: 4640658d578754634516a0f68235892b
SHA256: ccaf777f87062bdb78afe6360b400c00fc2e7c1885531d59f8c68357881ae201
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml.btsrodv
binary
MD5: cee926094bc4b1ecd4d2a5ea2bdc5389
SHA256: 589c38e5ff36917b5b06b737016e8ba46bec6f108dd7f96f9aeb980be097d1b2
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml.btsrodv
binary
MD5: 4c85ba5483c0f3adbe7b8698751de247
SHA256: 72d036fd9b26ce065f46c472fd7a5805db5d1a36ac9867df51d9fe18322b048a
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml.btsrodv
flc
MD5: a5f255af2be32898089e6decb1e2cbb6
SHA256: 53c75410a4d52f9d8d69d37e3f2740f55c572f665aee92544e4db1595a6940f0
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml.btsrodv
binary
MD5: a6b969eac7d2535337142cf3f72d598f
SHA256: 9c9c40d87be6f2f24f7770629613605d8ca9d5ce849a276bec51dfc731148cd7
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml.btsrodv
binary
MD5: 93f42788a72488cc7d98ed441468fbd8
SHA256: cf5f7ef1f0f1a94a075616cf437fe59a038f747185912d37bb3f81a52e39b5c7
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.btsrodv
binary
MD5: 86dc1c6d1ceafe3c56a17d970670e6b0
SHA256: be5a698520c461dc6cbb2652f61149e7ce185160c6bfc06c9ce682fe0f027d6a
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.btsrodv
binary
MD5: eef763fd98015c1eeed348f0e199d3d3
SHA256: d60cd22d010e65a65c503fe96173629ffbfb4e3c485ceb660477d48feafadcbe
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.btsrodv
binary
MD5: 40c415c15ff12fb1d8b8a7ba852cd87a
SHA256: da789fecab803c62fc1e03aa48e26c6b91e9a39ef8c95afd19b9bcc4502b6a3d
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Notepad++\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.btsrodv
binary
MD5: 70b61e143eaefd011dcef5b1ed802fc2
SHA256: 72d7c7de235e42fd6e5615c57e9be6fb8865ea70e6c6611770ffc88eb526ae9e
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.btsrodv
binary
MD5: 3f77898ea3f4d345038569b1b079bd04
SHA256: e8e56ac2610ff6afe343816928927370b7c6d07145164d536085484ff95ee609
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.btsrodv
binary
MD5: 25d4ca1a68ef136b32a9ce2ef62c48ce
SHA256: 8bd760f0d5f4283b354b7a0cd4e32be898017bd8f44caed2ce23c5bd2c2c63a0
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.btsrodv
flc
MD5: d04c8aeb6125a2e9daa7d11c473d0719
SHA256: 50c01eab90fc35c22ecf30113f2fd8dcf3b1fa96cb6dd316d6c1218cdb1978a6
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.btsrodv
binary
MD5: f01f497fd350d4539e72c4a06aca1adf
SHA256: 82e1cc0b93a0d133c09a8f4760cbc7784f167296f5760701f298f6ed3dfe89ab
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.btsrodv
binary
MD5: 565099202716f3d4ff0f3069d15e65df
SHA256: f3923a2b438a2ee85293fb546f60fb415334f74623c0f8b44345a889430c7c81
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.btsrodv
binary
MD5: e821a57226e201e2f9df93c5926a3ea3
SHA256: cb21b13d71a69aabaeff9446a7b142167c52c27d15119678bb51bc48b7d2122a
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.btsrodv
binary
MD5: 4abf7ed57fe7056472f1db5966f67a87
SHA256: 4ee686c46840b19776ee6e055327a44a75fe9c7ec6e166384ce7d2de766690b8
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.btsrodv
binary
MD5: 816ef6efa9acc4d21053eec9195cba6e
SHA256: 3ae1263a2d15aba2aca4514a92fc0a115c0aa472fc744c3f24629d165687da1e
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.btsrodv
binary
MD5: 519153c1147354af26edc8b00860c5ff
SHA256: 52619e547638bad0a2483289cec7e4d7d7105de046a2aa8ed3194e13389da09c
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.btsrodv
binary
MD5: 7e88914fd2bad79fb9aa1530246b55ed
SHA256: 6f8c9c625346198a8b1f91b781a90fbc9d80b66e0bdccfd52711df5ea4d7996c
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.btsrodv
binary
MD5: e97bcb51eb0694b1dedca043ab7c16dc
SHA256: 2e4dce76fb58da3f220967cc15def5ca8d39fae6050c66ddf953c2309de0b92c
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.btsrodv
binary
MD5: 9cef182174e0b5389990161d328216cf
SHA256: ebc8998be1b74f87da4e1833183bd018329d218da879557f6b7b40a540e9214f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.btsrodv
binary
MD5: 803c134581580b1460fcc24f1d336d67
SHA256: 7dc3457c0ccc18e68c0a2079f74b4f1169a07fcf9ce53e03227d461c23f01363
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\journals\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2.btsrodv
binary
MD5: e99d145c63e808a8602b2687a3969de9
SHA256: ae0732020da636ce03491c605e04df8b2a888ac3a6dd994369d64dfdb2dd7225
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.btsrodv
binary
MD5: 4ee802551aec76f0ee1abd67d14460d6
SHA256: bc21744b80d429898bed4bc14e800e652558484904bfcd980f68ceb82a5ff590
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.btsrodv
binary
MD5: b42c3faf791770b8f5bba664c06e4555
SHA256: b3306595f07345232d22fe17d795f9cf0fd8f9487b9d2340fa15a7f8bfeeac81
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.btsrodv
binary
MD5: 63328a803dec52a58ee1a2a38d490ab1
SHA256: b11dad36e9f909ad8af06ab67721ba67955b685cc088d0e2c42b012462f2e6af
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.btsrodv
binary
MD5: 0d26ec6a51cf5a118d5762f28f592223
SHA256: ad7bb311a6d8eb4c9360bd4ca7585a0820af3815f904f2574caab00f2a4c3af3
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.btsrodv
binary
MD5: f596faf90aebad5eb0e2a1227494efd5
SHA256: d2b3d8587a8241d24fc3a2fc34fa023630f9eb0603814916bb1e49166d20f3e6
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.btsrodv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.btsrodv
binary
MD5: 93772935e91f884fe03758766f69cd20
SHA256: c8be95b2e48580e2b7244f40fe331be3514b291607fc87a9871555b19810549f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.btsrodv
binary
MD5: 7b10a5aa1d6b25f6f68021a7048da82c
SHA256: 4e111266c46d3beb45d9c7b74acc41b79fe912276408fd2c48b0e4b821cf46e1
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.btsrodv
binary
MD5: 67b5bbbedbda5c0e66c88492af71c7f6
SHA256: 8df950db937bb19485f7b13ccb73f972ff6498e43ecb6ce24c1fc18e42f51d5f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2.btsrodv
binary
MD5: b4c25d838e0a227002103961caa47928
SHA256: 6b4cff055711fbb48856d8409161865e13bd86db03fc400b09f87a4036a7cde7
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.btsrodv
binary
MD5: 9eeb60cb0764c1fe08ac514c79097a0c
SHA256: 857da3bf8f91be59015e24ad6460f97034e4c591929bdc15d3642e8e5804c064
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.btsrodv
binary
MD5: 30a70a4449280f3e25d8ef355c458f4b
SHA256: f1632cac8f4f670e236cd503d29702a57eed4c83c948cf5f6433c5175dc0de14
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.btsrodv
binary
MD5: 8c7d2685cd2382d4abbe1bde913667fa
SHA256: 42d3cafdda097dd0cd2d8f5f2c202b544b5aa84c8d55846b011a7689d5f35a3d
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.btsrodv
binary
MD5: e61b0b57747b9d1e5e09d84ded9971ac
SHA256: a1c396b522511027ddbd03b32278abed8c7b04e40833a4c5980aaa4fc17b1d72
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.btsrodv
binary
MD5: b22e8be6de9f4fd3637e1853204f3565
SHA256: 4ddedded53cdd09602e43693e10fe8ac78f12989349172b8ae620cbb52207976
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.btsrodv
binary
MD5: f39168b4d8f8f0f6fb76c5398bbfe095
SHA256: ce1a50262f0a061b05769e969a6a5d953062bf3f025fb6396cab15cd98cf1313
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.btsrodv
binary
MD5: 244d031597f2153053424755f6115ab9
SHA256: 711abb2fa827b0da1689585da4ae7c294b97fe9de159f205883f7c649a450b3c
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9.btsrodv
binary
MD5: b6780bdd19f5355aff0a46f4199f2287
SHA256: d36c6126af5d959cfd527bc21206affb4bfbc7a36f81459ce3007f43ee129dfa
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f.btsrodv
binary
MD5: 481040eb60db454c8bdbdc0d040433e7
SHA256: 498aa6aee8309add36a032956fb1ce3a5779b1ec6158290e844906e64ddac185
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\3385f807-8392-4197-af83-7cd884348d97.btsrodv
binary
MD5: 72af969543e5dd4150114931e4176b16
SHA256: 38bfa7aba708ad2c9fd59f086b89aa38b7bd93567809e4254fb7ee3c06b8e31b
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\3385f807-8392-4197-af83-7cd884348d97
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.btsrodv
binary
MD5: 56257944095ab8fd84d926e684d66cf6
SHA256: 0e4f41f70b437224fd9df5022e504890f989c2e43cb1dc7c91ed86387e68b0cc
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.btsrodv
binary
MD5: 9e8de361b6a2fc92ec9277a697f167b9
SHA256: 6640f43e718eb877a208cda6d9721d299ab73fefb1a426ebbc2525d47dd99b79
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.btsrodv
binary
MD5: a24adae48392691b35db48e70084349b
SHA256: 7af31425e5c2f7577025677a0b9b7da56b515d8b804ad01f4e72c6e239ad7b91
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.btsrodv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.btsrodv
pgc
MD5: 353b1c521b649e9e65d4c2c07f3daeae
SHA256: bd47e375c660c588a9fd090299f64a0dc845b21b4c2abf01a62ab9788e5eba1b
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.btsrodv
binary
MD5: e82f15a743b4a1c032d3b3c16507fb41
SHA256: 4b5ee0968030d20b913220585038cf6cb949dafc7d7d75c5751191956605bec8
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.btsrodv
binary
MD5: df1e9dcfbdd66e64caf3159bd18c3566
SHA256: 56a7d9a32d67318d4bee449ee5231b6eed1048c33acd98e3a603f4190b009835
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.btsrodv
binary
MD5: cb02518e89996cb11d637c9f59a2fd3f
SHA256: 2e92d1f0fef5ebdc3323f8d698c0febd1d4b5e6049c0a6de0c525a1f306c8e6a
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json.btsrodv
binary
MD5: c4f83513161f5ae469295d18b618a17f
SHA256: b730a2e1f7504663d2b7bbe6d90fec167fbf3ea1f5067c69d616d00d34c8efc1
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig.btsrodv
binary
MD5: 36254a54ec216514b0a359a75f03b8a6
SHA256: 22e5daeb86ee9afb71e48ef5125eb559c43ac8fe321066865bf2a8c63cb67983
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib.btsrodv
binary
MD5: dca0db9093ee3bc53af4f9951ea3f4dc
SHA256: 8e019f66b5293d7c9dcf7576f66510d0a69ad2efe639db0fb241538281469aef
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json.btsrodv
binary
MD5: baf807d677bf600d48087d8c04b4e22b
SHA256: f2cce7f26ccf0deca3b9adee3fa11ae80d9a530acceb109f2f773a005bc94a93
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.btsrodv
binary
MD5: f990854fc85bc68e2f9ac6ec1b236ed2
SHA256: 41d36b05f64b53376f87cbb6fa48b47b5c4c832551952f73895fcaa18dc78428
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info.btsrodv
binary
MD5: 1b3f63861614cf25abe7fe95423d4f4f
SHA256: 66aa515227e373704452f23854bc752ac459ff8abfdaa7d2b1b9b7b9946f17b9
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\WINNT_x86-msvc\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite.btsrodv
binary
MD5: a9a59184e94cc5e5fe868dc5127e55ea
SHA256: 410fff05bba24aaa7bd9c611359d6f0c824af35b93f7184b793d459b06819857
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite.btsrodv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.btsrodv
binary
MD5: 9bb6aa62dbf311e0846cabab71f1c26e
SHA256: f5a8b26820bcb3aaa8aea7bcc8f0e53f75ab924664579772bc24ae3d7960333d
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json.btsrodv
gpg
MD5: b2761b6fe0039dcfe54166647da47a8f
SHA256: 9447e51aeeb11b65a136090b2ea0a10ea0561adaf6ffb1a46d6aa7f84f14dcbb
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.btsrodv
binary
MD5: be5fa8c5ebd3bc37d674529c521b8ecf
SHA256: c3b0369f30b0c4869668b6a4d48a6725e18a33f3ffb5b682f234235ea8ec98da
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581827.d57f8e85-a9db-4480-807f-44beb4836c33.main.jsonlz4.btsrodv
binary
MD5: 06a3a6a99c50540511442df48c645a6e
SHA256: d846889d2c3d0f206b42fd2b96642b2a06cdc8faf406797dee21a94ac9dce5da
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581814.31cfc09e-97b0-4f3b-bbfa-28179d760902.health.jsonlz4.btsrodv
binary
MD5: d975ac25001d949f1301bf377f78cbfe
SHA256: f297ab1222d88dec96bebf629effc87bf14fba2e6303416e2ddc08634b41537a
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581794.3385f807-8392-4197-af83-7cd884348d97.health.jsonlz4.btsrodv
pgc
MD5: 2921d51acffbeb9fce296933694e4c17
SHA256: 92f28ea479219b79dfeb511ddb64ab5286a83c82d73e4a03fce07be23a2fe98e
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581814.31cfc09e-97b0-4f3b-bbfa-28179d760902.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581794.3385f807-8392-4197-af83-7cd884348d97.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553368581827.d57f8e85-a9db-4480-807f-44beb4836c33.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646916.428022fd-1128-47e0-9128-82697384584b.health.jsonlz4.btsrodv
binary
MD5: 0ea57756df69247d950d71fdeb10adf5
SHA256: ab94bd975075ecf124208442f3340b72debc0a45c0e581ca41caed5fa9c5924c
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646937.9c1d5aa7-8417-4152-b187-6829a20b449c.main.jsonlz4.btsrodv
binary
MD5: 505e8a74288546da1176297d53d78d4d
SHA256: 83fe3c7259c0429d8377f6a52ea66959bde723062a86d1541baa0a3ceb3acf40
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646937.9c1d5aa7-8417-4152-b187-6829a20b449c.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646916.428022fd-1128-47e0-9128-82697384584b.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000620729.94b06a80-a39c-46bf-90b5-264680171d04.main.jsonlz4.btsrodv
binary
MD5: 375ab13d1d58198c8dd06a9bdb1b07b6
SHA256: 6269eaf376364f840c41ca0f59863198aa205a1d3cabe4084174ce7cb8f17634
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646892.6c8d38fa-8188-40ce-822e-2249c9316ad9.health.jsonlz4.btsrodv
binary
MD5: 4978c3dfa5dcd83a3d49208ec90b04e5
SHA256: 2995b3b21c78d7e83cd9c315a2f2066a5923134b7fa2513c8d8ffad13420017d
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000637968.4802db1c-08fa-4dd6-86ed-b549a554341f.update.jsonlz4.btsrodv
binary
MD5: e0462f0bb4e428e0c05e24ce633d4fd0
SHA256: 3066d1dd435837e06cefae6bcff953ade69dbc5974e8d89541a452a7a125fee9
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000646892.6c8d38fa-8188-40ce-822e-2249c9316ad9.health.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000637968.4802db1c-08fa-4dd6-86ed-b549a554341f.update.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553000620729.94b06a80-a39c-46bf-90b5-264680171d04.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.btsrodv
binary
MD5: 6ddb34350266617446b69ea17a560355
SHA256: f71ead71bcc81022aa5eacc1e5160d2d5da3253bd9d6273b0b7e21f6be4e7ae4
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite.btsrodv
binary
MD5: ac9ad3bb73b58391f515aa9237a76073
SHA256: 3f9e794ace20005683e0ee87d8d8dfdfec5b89ee5e150516e6f51d19cf0ed7ec
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\events\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json.btsrodv
binary
MD5: 71a90cb4bc213e85cfd30dd600354127
SHA256: 44d18aeb1bc3d30aac4f2dd3193d77a7870f4324eee61440496b2ba8f338bbba
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite.btsrodv
binary
MD5: f87bc71d587f85cac4e356be5b592b7d
SHA256: 8272ae96f09d90c926c33f3ff9d7535ef0b462b1d8e7233ff380422f29d55860
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini.btsrodv
binary
MD5: 5a2dda5d9fe26198874e49e624efcef8
SHA256: abf6e79962704707a0cf58312b765080727c7662dc42f0e4500c29d16bc15d8f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.btsrodv
binary
MD5: 31257f87db14bf91d4ebdcebb1faf2c4
SHA256: f07320bc9b578fb8737df11cb1b89ffbfa4460ddec6fbdea2f290dbb4265f8d7
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml.btsrodv
binary
MD5: f6247408f4fe79e7361af5570a595449
SHA256: 61ccc94093682fc26c026fe8858cb012baded18bc93fd67654e106609d76cc97
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4.btsrodv
binary
MD5: 82718889c2b5037b3ecd80a3fe9ca5ce
SHA256: 90144753b39824821d5c63612416e969d2908b924013ac4b57a21ebd2c57600f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.btsrodv
binary
MD5: bdd6e3fe6d7845b9a3c10b4d1a60462c
SHA256: 364210a0145b596788bd772de29c8292bd33e4d2c92f337c1d8fa5e985d3c029
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json.btsrodv
binary
MD5: dd8c4afec6cfec82bda9148a227fe7af
SHA256: 562961036acab94633a735c1cb33d87a71c5053be8a825ff3310dd4abe295bfb
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Pending Pings\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190225143501.btsrodv
binary
MD5: 848e90621f28c3fbc45b4ada7388b0fe
SHA256: 2bd3f7679c5726700695144884b7ac916dff30de5329f2242677a6165bf28301
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231.btsrodv
fli
MD5: 98444bf8410876a07c023d40ad598f95
SHA256: 5ad038d02d7306375be80e57e7c612f9c86133af32d3dbf376756182fa737ebe
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20190225143501
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Vault\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Mozilla\Extensions\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\STARTUP\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.btsrodv
binary
MD5: 9727589c2f9f3522aba2649222973e99
SHA256: 97dbefb2447564a1201224b1261a5f83239d119b3e2bdc54b8268cccb69c2e02
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm.btsrodv
binary
MD5: 926bb75e721054436024ae1b7815b659
SHA256: ca28728d6169516c07c9c8f4d33e01f25321fd1bd4f891b6843a32275d02b004
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm.btsrodv
binary
MD5: 4f55592a54ee32c9a6857c1af121a885
SHA256: a97d107e61595a90a0477c9c4c5e72941ed012d2923f39483a14f3ee566b6601
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4.btsrodv
binary
MD5: dfbf647fbbebc54b3d22465b5d477f97
SHA256: 4bdef1426b5d44b736ebc7647865a0f5b4e3b02492f769d3afb045994314edc1
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\1033\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70.btsrodv
vc
MD5: df88a876539f35de3c1a65e3b2bace67
SHA256: fe2ad150fceed4d9b49ebfb52f0958b4cf5ece6e42e7141d0189a05a41d8d725
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Stationery\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Speech\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog.btsrodv
binary
MD5: af093daff46c876c51b0abffea6b6668
SHA256: 93b0178f6005c401e2e4b0de6a7039b33d3aa2162d83b2efebdd8d3cf4e655c1
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml.btsrodv
binary
MD5: 815ce854b11aa64ce9bfbafeec104840
SHA256: ce0b39b853bbbcb91a43075246f494a08a9b6f7d66f1b2f8f2cc3f5023572654
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.btsrodv
binary
MD5: 657d864058e8694a0d9d35b65917c172
SHA256: fee1258587093696a13e7599e78167fd35cd6eef4ae068619a91646328858b96
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal.btsrodv
binary
MD5: a72dde0de04ef72af370cd85f8624d06
SHA256: ec85b222f8b6cd468f5dd5ad93c0e32a44a2a422cd74c9bd0d5307d52d23e3d2
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml.btsrodv
binary
MD5: 2095116c545a5f8bc26ad455ac382f81
SHA256: ceee79cfdc4bc38601a19009cabc5bd36d1a63ab8022f1b18fbb6fceeff70934
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal.btsrodv
binary
MD5: 4fbf584ce2d4a849c9b85c058c6815ee
SHA256: 40738cc7145dbf0aae02776b6e7058565a0f9498aad27cbbb913a2775afb1ae5
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm.btsrodv
binary
MD5: 8a161b9713a5dc5f9799fdc6a1197b40
SHA256: ce5097675a989fbfab92cea0e6bbbf74711c810bda18f66140bcee300a02989e
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data.btsrodv
binary
MD5: 370890514c76ee1822745c7ea6226da9
SHA256: 4a255a18e2b02f6b80ec08cc71cd625b29b1781e79bf7c75c95b5ec45d90fa8b
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json.btsrodv
binary
MD5: 6e56cf516b47c0fcfa73d7c6f8e64980
SHA256: 150d1887624bf60730aa1706738c52d54c122f346f41e3d9e1d7497505da1e38
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager.btsrodv
binary
MD5: a856ed4448acda885e4361ddf820ed02
SHA256: 0bb964c09e54635ff7053f226cf7e1f4e2b0973b91258fa861ea0bfc4a820d9f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.btsrodv
binary
MD5: e52556037dc7b3dff8531d4b1aa68158
SHA256: aff0449c6ee4a5c8b4e7302fbc0d5f23f730e94bf468cef7ac50c9f67a1d43e7
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak.btsrodv
binary
MD5: 8cec2f327ab3a5e73e45acdb8127eba8
SHA256: fb52cf9f9c28d72b4ae5ecf1b696b437c4a025f0a88b74586f82ebb8db365977
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences.btsrodv
binary
MD5: a892ef65d100adfc271f82a4db0de3f9
SHA256: 1c4c721bf5dbd1229742dd39836c18437cd5d5cc678cc39e44839a8b1b4b11db
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog.btsrodv
binary
MD5: b5fa87dc85cd1d58f01f2e14a9d5ed4c
SHA256: fa22cb72ab0ddd8deb1e50ac224dbe830ca01da190cb3c16783309a6b0abc806
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog.btsrodv
binary
MD5: 003c4827342f2024f4fea149291169fb
SHA256: a1e43cd5fae45d1809a79a8dbe5353df977224cfc5045dffba438f64acb0021c
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001.btsrodv
binary
MD5: 026a7cab2a5e4dcf821f49349ae7c78d
SHA256: a2cda4e9f42e78a806c9f54a106251f2d1b13479ffb5665a6380951c6fb83343
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\logs\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old.btsrodv
binary
MD5: b03e32dcf9e9bc6269f43a5a12ccd87a
SHA256: 35935fe7ed6401aee72b5ba64be2f445abe2c0c93242ed872d66bc0f69d032b8
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.btsrodv
binary
MD5: 09361c2042e4373e3c99f9359263a4ca
SHA256: 73cb314ae48613f1a8b507cbc4f474fecece369da86b7bc2d1d54f1263b54d59
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb.btsrodv
binary
MD5: db3e3b5132937ba34f92cd4aeb8cc028
SHA256: 4ccf1abcab2007b1858cecc2d651f8943f9885d6661caa4b6b39264d8346f121
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT.btsrodv
binary
MD5: 25e2d36d7dd9cd16bf092b1f2bc3d26b
SHA256: 74d3e6ab27f2ad9210b362e1985eadaec6fa9a092a01c8f49799258fb03157cc
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb.btsrodv
binary
MD5: 05e6d93510a280692e8a836e6c795baa
SHA256: 7c9e66887693509f81f20f736ed6a218597dd16798a503a0ebf5b7b1687e0786
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log.btsrodv
binary
MD5: add8cba09d68c3cf8dc3eaa47bff8a84
SHA256: 571730505615e2d1c8c18799f69ab176889dee3a4fdc6cf98ba2342e81b9e12a
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old.btsrodv
binary
MD5: ff76d8fad4fa5936298f0ac50b16495e
SHA256: a7ddba45a69ba54804c3f53d120f81cc8608bf20d4a0170ed54522e31f5f98e0
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001.btsrodv
binary
MD5: 6e0e1e14a92efc7b4b914c632cf91b58
SHA256: 86074f0a92adff3d6e9781708a3e2bd025a3fd942dc660b8f8d33aee86bc15cd
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT.btsrodv
binary
MD5: 1d60dc414b266c63750e0b0173aa7916
SHA256: fc1d118f11fda332b010951e63e65a02ce1b7a7fa3b8695cc229a59a83cd83ce
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.btsrodv
binary
MD5: 94253a8b82e9c4f1a75821a50114a625
SHA256: 00ee9f094ed21dc3c408752b57497cef20946ea3c0a23096dbe2d8d7333ef071
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log.btsrodv
binary
MD5: 0078719fc3d7e7ff099a0d2ca94cc8c2
SHA256: 96928047a08ae75a3049a636111e0e2840f6efadfb96c9efe4c5f71802333661
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json.btsrodv
binary
MD5: 136195bdedbc6c40cb55b9b0f27c6ef3
SHA256: a69f13166dec3fc112123d7be5b43b190b9daee7929750fe1285cbd923c3742c
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic.btsrodv
binary
MD5: c937ed698b5b4d3d43eeee7c3a85deff
SHA256: 7213e7e2fdf648ab97ae36fa927c4f8150dddfc93d6adcba226c55e50faad53e
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.btsrodv
binary
MD5: 4b4039ba6421586b1520372a44c9eeea
SHA256: 1172d9e9dff2f9094df44f52b5295d38ca6e0d5e7dedd4557500456934ecc744
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json.btsrodv
binary
MD5: 3a209af8579f2afa25e63abff0b15dbf
SHA256: 05f0bf576ea2c9b92b820d22de4a8fc1feb7b0ffcbcaad3e44925832e5ddefae
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies.btsrodv
binary
MD5: a15c90460528fb4fb3ab3b3612b2b988
SHA256: 748c96b8ac079aa21215e8dc7a657f52ee79cf42e27fb978f14ab84fdf0e9316
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004.btsrodv
binary
MD5: ec71c1fdc119f2472bf5d18ba2f52db0
SHA256: 71c98c6960195f90ed88e89b4f96c9af0cffad1fa62cad4fecf1dd821ebc3d0b
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index.btsrodv
binary
MD5: 7932a56ee348b4a6cc645d1429ee81bb
SHA256: cf7416a5f30391ca001ef6ad0f2a7ce142f2c623b9712963e280e5d15a018d23
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002.btsrodv
binary
MD5: b782ea2d092cf66d13bbf7ff34aa20bd
SHA256: 7a111827885557bb7fb987e69dc6c7da922f56221cb4a5efd4d8a19479cab796
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001.btsrodv
binary
MD5: 574836bb26f1ea39774e8ec4bfb4f51b
SHA256: 1cb3c77e56b6b8eea64d3b3d2887625d982eb160b3a900a8fd49a42ca6881393
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003.btsrodv
binary
MD5: 2c314cc1ed35980af013758feb8709a3
SHA256: 9a266ebb93f2aff405109e00ad5383918cb93ef70d0fed767df0f9d7f77f1dfb
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3.btsrodv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2.btsrodv
binary
MD5: a118404b70a21101f033656f9f108ca9
SHA256: f5a81bdb9e95496746199a7abff6adef820d545a0f1169bdf9e0cc7c6b46b0bd
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1.btsrodv
binary
MD5: 3ed0e555b5168fca537e5d89863c165f
SHA256: 0515dc7104d1b09d4ac037d2d8074bc79c2b60e4a6dfe655a2cf1f8629b72dd4
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0.btsrodv
binary
MD5: 8f85a608d86e294db4d62a19a44aa9f1
SHA256: 4eb38e2865b1a6aad458a3668ecbba8f3a29b285175ece6ebf532ce51091752d
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Signatures\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.btsrodv
binary
MD5: e62f1cbf6a4ca99a76c61b149a1cefe5
SHA256: 390d1edce0de06fb5fbefa510b445e992afce8e8e72d570552b6a9857e0db4ae
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred.btsrodv
binary
MD5: c48d2a4ff230075f8d226785905d6eff
SHA256: 54392ccf44a0126a6042126bbb7d4ec4ad7088641edc04af58c277cb4dcf319b
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1.btsrodv
binary
MD5: 6e497827ff399341b479e19159cf52f3
SHA256: 90e3b9018e9f66c970c6b6ab694c0410ca6b4e2471194c5b9738d977a3919939
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b.btsrodv
binary
MD5: a35adab70a12973663de5812711f0a98
SHA256: bc1e97b7e05776d956da6cb820fd208fc6a47827fe2818e7b9574a636e1f184b
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8.btsrodv
binary
MD5: 28ce2a49f61983ccfff479aa28d25635
SHA256: 7272016bdf0f91f0e79e7610d9b585c8dd1b7a9c72c43cb214b5227032a6cf76
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST.btsrodv
binary
MD5: 9ccb33488e0ab9da8d2c183fd3fcd493
SHA256: 22f3f71821ad9add5e827cb4d4ad5ad6955de97adb0753fa02ac56a4fbe8425f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\PowerPoint\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml.btsrodv
binary
MD5: cf6ce331efa9f6e6685c619373914f12
SHA256: 972d3e335c06f1cec270c616f7b324ce2a2ae1ea0b5046fb319a9e0951325b78
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Proof\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml.btsrodv
prg
MD5: 0b43f2a999b8202524340cd94f06afe5
SHA256: 649118572708edd803d68891b2c4d83e4dfba00daf41a73be48fa439713cacc5
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs.btsrodv
binary
MD5: 1b6146cacc5ac4f122ca2504208ccea6
SHA256: b28a03d31d30c5b2d41927d5e83f53be9540f761fc3e8f2ab67d9bf7c0299166
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs.btsrodv
binary
MD5: b1e8c6ae72cb42d6bb7e73c3d08cfe78
SHA256: 3374844c5d4a285556c39139a6c08b5823502d0fdbcc2830007d4fba6d70e518
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml.btsrodv
binary
MD5: a364388d783f8a721c9416665e281647
SHA256: 5df6b449291b4bfc2d28f5bed495d4f1fc84d67c573f7977094f3527dd7f2ad6
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.btsrodv
binary
MD5: b4e58f628dd7896c11ca2c25a7f10b1a
SHA256: f981019f7965bd7b5afb936d2035f79b76506830fdcb122790c39d0c0bbc7f0a
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl.btsrodv
binary
MD5: 187e0d1c974346dfbdb32351ac41c83d
SHA256: c56464f0f15004c9af575b31f0854e5944c17d2e9824df8bfe7118cb40f4cc7a
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd.btsrodv
binary
MD5: f8838dd5bf3226db5c0e8cd6e259476f
SHA256: 7f2255ce8961d9fd0197251304571d4761b649e210da2eaaf051d9f90c8db7d0
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat.btsrodv
binary
MD5: a48187981de8909f0b5e8f844bfd67fc
SHA256: 3a58b9cd12a49999e28b0662c5645d52aa34b383dde383ad18d1a0ab8844f212
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\XLSTART\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.btsrodv
binary
MD5: 7a47392cf162bc248cff57234e05f168
SHA256: c913ab2dcc69a8486c31df2d0833997c2c5fc7f228fce68280c0a66d4774537c
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f.btsrodv
pgm
MD5: c3422a1a5cc934cc9ae0a36de8c97153
SHA256: 356a0cc9058122d07146a6b9f621985ed1f816ede71ffd4304bb9fe13a99778d
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f.btsrodv
binary
MD5: bb170f4e46110d0e627b9da7eadadf84
SHA256: 3001258169261e2c3e44f2534924fc7b15bdfec65b853fb04fa87ddba570295c
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f.btsrodv
binary
MD5: 76a3d3e68b65f7526241e17702ba1a74
SHA256: 93ecb85adb3c3afd1f733b22568ee7747ae22c62b8b0665f3ca69a03806312ca
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f.btsrodv
binary
MD5: 0a1ae30eec0d04efb3b0b2341b82af78
SHA256: 837e7c3d0d26c0dce9d0d43def41ecdc4e15a9e09e4c7e9b0be55df0c04ac125
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f.btsrodv
binary
MD5: fba4647e0bf333a329de91d7bf88443c
SHA256: e116002df8167375368c3d5661a29cf2dc265bf0e519a51406df2c962bb62234
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f.btsrodv
binary
MD5: 32aabe762d5408f82d8e94a542b97460
SHA256: 35535b0827b3b0a5474ac1bf748d374cf03f23dad6bcabe681fafb9e14f62044
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Credentials\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Media Center Programs\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Identities\{E4CE17A7-FC47-4CD1-8FF6-45436C8F45DB}\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.btsrodv
binary
MD5: a0881d3db4e850e3284487a52ec8e941
SHA256: 3aec6fc82342dd7f0bcec0ba15798c6494543ef7147f7ecd979b9a0241eddfa7
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Identities\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Microsoft\AddIns\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml.btsrodv
binary
MD5: 39860031047bfbd19fa5e31700b7c8fb
SHA256: e923d3da73b108ed03dce56063a550667c733b68877b82b4c86d1682e75cc52c
2568
file.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml.btsrodv
binary
MD5: 2c413157e7b3e530fab49cca20bd8a11
SHA256: 7022296a11b0cc9b0dd7ca12880daaa1ae18734303a37758130cda7bdbccb59f
2568
file.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.btsrodv
binary
MD5: 3d041dba46f1c556c0e0c0439153898f
SHA256: f03fac48f2ccdcdeacfdfa82b8bbdf513d9b74208373031f4c18aa32e2c85b99
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\FileZilla\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.btsrodv
binary
MD5: cfcf950918cff48959dc78305070fb7b
SHA256: 927e1bc8996f6bbd25e58a14eb280149c00970a27b1e3acbc3a3763402d0757d
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log.btsrodv
binary
MD5: 5f28471df6f44d81503da9581fb4e6f7
SHA256: 6ffb6df354059cb8ac793db267df180cb736ec94546bde7f01f310e6b96ddf90
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy.btsrodv
binary
MD5: 174bcd98c241b407536cc7216830f9a1
SHA256: 8467128ab14013aeb76d90b15233031d23aa3f72904db1d579581b3b4861aeb6
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log.btsrodv
binary
MD5: 9f517be13a2462711741c026f95f0c4a
SHA256: 4a8d9db0157a9dfd3acb9bc87c7930afa933e3ee958381f4cfd3c765e3e9bde8
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Linguistics\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Headlights\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\J7D4H966\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.btsrodv
binary
MD5: 04434e2e19e4cf3f7df5e77b4aeacade
SHA256: c205be0e973fea66fd328ebafa5fa74b32dab03073def82cf79227f988349e7d
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.btsrodv
binary
MD5: fc7060b729575f4726d257bee1194708
SHA256: 04f82e224d0cf407a71c58dc548f501c858124e1b7baa2c59fa0b97963960d82
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.btsrodv
binary
MD5: f5dc15cbd12af00b8249588779872e59
SHA256: 0982ff2c177f3a1b5662dda17c870c7f93fa917c0b286f979fd5a7b773dcb16d
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.btsrodv
binary
MD5: 33a1d6d791b2fe911690524a089b1137
SHA256: 2514d85e3860930587c3c921900b18691f092fa20fcc52f3e546069c89e1b01a
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Forms\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.btsrodv
binary
MD5: 3cb1a7358b328bc1cd733b5de288e59d
SHA256: 8b2af9f124bf524b9b38f8288b00ca16bcc8424803fe78a892b77785d59d9d17
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\AppData\Roaming\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Collab\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.btsrodv
binary
MD5: 75c31380c81833182a2e0d488511121b
SHA256: b13ff9b46aebbcac45a1f7cd91264cce3595b49d2f5af97d05ab89a33bfa97a2
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\AppData\Roaming\Adobe\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Users\admin\.oracle_jre_usage\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\admin\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\System Volume Information\tracking.log.btsrodv
binary
MD5: b502e0087ab5c4a91dcfff5622c42d30
SHA256: 5b26e8e000757d31a635750288e3a1620ede7d923fb92c371671fd759d286cb2
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_WindowsUpdateInfo.btsrodv
binary
MD5: ddc67d65171ad7e37ce625c17d10f092
SHA256: d47c31c600e490a9e479c4c3a8d26f147e5b2f5236c985925fb0214fd4cc3738
2568
file.exe
C:\System Volume Information\tracking.log
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_DriverPackageInfo.btsrodv
binary
MD5: 4fd2492dfd027fd3d8210b1277c4cd86
SHA256: 4eb35efef9c6b1eab2add717a51d436d38fcd225f9707d7a6c3f9e81c27dfe26
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_WindowsUpdateInfo.btsrodv
binary
MD5: fc596f544f21b10697f4f33033b019af
SHA256: 307c5ca751ad6b53dd42f0eb53c6965cf31551bc0019ee59e6dda30240ffe3a9
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_DriverPackageInfo.btsrodv
binary
MD5: 9d86ef4333babd43f9c0491cff488ab9
SHA256: 9fa124baa570321bf635d7bcc152dd161104fe620035996d2e6fd768256aa4a8
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_WindowsUpdateInfo.btsrodv
binary
MD5: 9c4aab69c5621c8f88c9a46a750120ba
SHA256: a9d696f10f3ca6f5fd616ab4effcfbda98f22b7e7a264e03a505a48df2e87d4e
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_DriverPackageInfo.btsrodv
binary
MD5: f5122ffdd3d671fdb27bff44165f9365
SHA256: 0d389fd46d9fbc6c337930a2d413e1d09e18467449616a1d68c5038cb3269639
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_WindowsUpdateInfo.btsrodv
binary
MD5: ff96bed034041edf97e4f8a36c0561e6
SHA256: 5c360024da2fd1f868854329b2b8edfbbf48bc660dd7ce6846e6b6f900f0a702
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_DriverPackageInfo.btsrodv
atr
MD5: f456bcf9837b5ad47f7ac312c64f5c36
SHA256: dca69b2ab512e942a4767481a6b3f6e0972721d313fa8a0b82f4c72e91c08425
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_WindowsUpdateInfo.btsrodv
binary
MD5: 43d2aaa8b0a086a1b15ed62250742a73
SHA256: f03a8b504d18e2b3159bcae3a69886a52a80a75f98f130601b0000fd1e418ec2
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_DriverPackageInfo.btsrodv
binary
MD5: 21ed2643f6b71689ab3d24495706a108
SHA256: 060a573d86fb41b861493c6d2615f3a5db4ad456390a20aafd0ef782343aa251
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_WindowsUpdateInfo.btsrodv
binary
MD5: fe85a16d472bae0c72ba4f882620ac2b
SHA256: 69942e0acd141aec5d7a4dd5529d0346341425022e2b736685abf4fdf57f3ed6
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_DriverPackageInfo.btsrodv
binary
MD5: 0a5189474c0f923fd95fc01e4b922dc8
SHA256: 0e5dd9d41cab9e3cf8d59dc6f99bfed0ccbb7630c564d1b934fdc2cc1de41137
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_WindowsUpdateInfo.btsrodv
binary
MD5: 6b7764fdb4aac6dd525a2ed54ba4856c
SHA256: 2ab0c5e1a60d9c4cf541f6edca405b02d3de8c44dffddb5c4bfd9c2d05157bc8
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_DriverPackageInfo.btsrodv
binary
MD5: 41094cd075e2040dad1825fa38d4064a
SHA256: 0dd4f0af8185f96a6b0d7687f6ae6e52ab4a1131438fc20b6fc84fc2a2a4d4af
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_DriverPackageInfo.btsrodv
binary
MD5: 80d9b1ea54c2a11ae7cb267e696b520d
SHA256: bf40499525b4b3bca6eca9af90f6354865d0b322b10b8ad07f24d1adb0c4cac2
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_WindowsUpdateInfo.btsrodv
binary
MD5: 71684dc6ca62a2d7720a6c0c85424b17
SHA256: b8ed1cf0a8de25f505855ee44eb8687d3e6fd5c38ae054abcd8c2fd65f137d8b
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fc5f241b-73f6-4813-9d64-4e4f00d39c97}_OnDiskSnapshotProp.btsrodv
binary
MD5: 974cb8c76b2f5aa6e9f2aade623b4e86
SHA256: 7309be3fae25ddf41fb1b01c947e370cf27eca9c2aa865120adc6e2b87324aaa
2568
file.exe
C:\System Volume Information\SPP\SppCbsHiveStore\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fbc1d708-be70-4ddf-91ea-c05528f7becb}_OnDiskSnapshotProp.btsrodv
binary
MD5: f508643400505ccd3f27801669af8779
SHA256: 79dd35779018a89c9d95daa0758e389648fa79059d0998643aaba191c6b9ca98
2568
file.exe
C:\System Volume Information\SPP\SppGroupCache\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fc5f241b-73f6-4813-9d64-4e4f00d39c97}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{fbc1d708-be70-4ddf-91ea-c05528f7becb}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ebafcf70-55f1-48bb-822a-5412291c8b75}_OnDiskSnapshotProp.btsrodv
binary
MD5: be0ac12f5357a3f6089db9b3cb5bcd36
SHA256: 3fc17cabedb84848ab154279af57fec118156101bee026cd3a1bc603907795f3
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ee321e85-0e9d-4572-b152-5e2dc9f9bcbe}_OnDiskSnapshotProp.btsrodv
binary
MD5: 86450b23e5d406493ecdbbb335ce2e06
SHA256: 13a3a6904a21ff15a95c808fbd95e21fe25893cdcc6beb9eefc5fd028323db57
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{de4fb673-c96d-43aa-a06e-db0853b54bfa}_OnDiskSnapshotProp.btsrodv
binary
MD5: bf87b904fbf3d07e9ecceee2a22360a1
SHA256: 7c723b4687cf5aacdb882628411bb42f8c98d0a1ec8db8c18d3c681e74f1e967
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ebafcf70-55f1-48bb-822a-5412291c8b75}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{de4fb673-c96d-43aa-a06e-db0853b54bfa}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{ee321e85-0e9d-4572-b152-5e2dc9f9bcbe}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{cec64297-f2cb-423b-9a4d-7695294fdbcd}_OnDiskSnapshotProp.btsrodv
binary
MD5: 9644d9c311ce7f05a95fe044e2fc2983
SHA256: e62f3b176bc08ab32dfd2ed048e1b77dd66742660193b352319ffbb5a6f7c098
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{c9cf9f24-5351-4202-a015-c273ae785f0c}_OnDiskSnapshotProp.btsrodv
binary
MD5: f17fcfcad6a8489445164ead01fc1ef5
SHA256: ae5b984828e11b2b10d137cf2e3f750e80dab395b4fd355523d5b4688866ddee
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{cec64297-f2cb-423b-9a4d-7695294fdbcd}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{c9cf9f24-5351-4202-a015-c273ae785f0c}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{94e6c3a2-599e-462d-9c45-78274daded0c}_OnDiskSnapshotProp.btsrodv
binary
MD5: ceeb87e505554eacae7787cc4d12f272
SHA256: d84505d555f91230b062f627924dc543652ccc4614489445e411addc6a6ef9b3
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{b45425b2-5957-425c-82c9-bf873c06e2b9}_OnDiskSnapshotProp.btsrodv
binary
MD5: 350e2930b076d6a3e66771c553ec8a41
SHA256: 2c7a211128d8a9557315676fbd11df8c61241db612bbd4a3838440b078406370
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{94e6c3a2-599e-462d-9c45-78274daded0c}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{b45425b2-5957-425c-82c9-bf873c06e2b9}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{8b4c0ecb-7f10-47dc-ae3f-c1f2bd0a0dd1}_OnDiskSnapshotProp.btsrodv
gpg
MD5: 8ccec17a63b51def0e67a1f2bb7ec0be
SHA256: 23f76fff1556a400d14bcf7e12ad358873ffcd529b34f6cc3fc3b7a8d66e7b7f
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{8b4c0ecb-7f10-47dc-ae3f-c1f2bd0a0dd1}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6dec60c5-cac5-4c55-9061-62edac696401}_OnDiskSnapshotProp.btsrodv
binary
MD5: 8e2982403ac6fdec08d7ede19191f306
SHA256: 73720e81144a608742301994fa7f518a811922144e2e3233efd63a135aa740e4
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6dec60c5-cac5-4c55-9061-62edac696401}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6af49b38-a69b-4427-8e0d-1d7f53ed58e8}_OnDiskSnapshotProp.btsrodv
binary
MD5: e466ec2e58e2c441933a00cca1e30bfe
SHA256: d98e48cc1cf35740dddf81056268cd34d87c2b539161519440f0b89df990bedb
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{6af49b38-a69b-4427-8e0d-1d7f53ed58e8}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{3cc0f82b-873a-4e59-b89f-689fbdf88af9}_OnDiskSnapshotProp.btsrodv
binary
MD5: 6bc1218f4eea4aeda8b1891dd1c50855
SHA256: aa394eb54b050ca60579f372f05bb496b8c2b76d1f600aaaf73f304ba8e2f35b
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{5c4beaff-a038-4df7-9b35-072a18f8e3d6}_OnDiskSnapshotProp.btsrodv
binary
MD5: 831e004fbfb7037d9d36fd15e9be1920
SHA256: 75ff961ca0a4ab778d3abce377e53324580eec6d4289b533fa8ec9fcfbb8a440
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{5c4beaff-a038-4df7-9b35-072a18f8e3d6}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{3cc0f82b-873a-4e59-b89f-689fbdf88af9}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{05ed3515-06b3-48f6-8cf2-bf24b1bf0727}_OnDiskSnapshotProp.btsrodv
binary
MD5: 7078c69d56f1e43dca459253fe43fc8b
SHA256: 95dc239389a8b8c606f8cdd4d4a3eb3982104a15d8c45e5b95f48798a1e9605b
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{38e8535f-27d0-4352-aa3a-ce4178930102}_OnDiskSnapshotProp.btsrodv
binary
MD5: 2623a12e1916beb3e26012b905f8e192
SHA256: 55b79b66a89428080f531425d2afa2acfc4f1a5765a5ff7d864e317feed704a7
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{16d74681-6bc3-4c44-97f0-8b8dfefe2355}_OnDiskSnapshotProp.btsrodv
binary
MD5: e1c1d1319ab29bf56817a6d4647dd8b7
SHA256: 1225ed63ecc7e100eef74c887fb2ee013812ce703751fc0ebd4b49be01a7a81f
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{38e8535f-27d0-4352-aa3a-ce4178930102}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{16d74681-6bc3-4c44-97f0-8b8dfefe2355}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{05ed3515-06b3-48f6-8cf2-bf24b1bf0727}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\System Volume Information\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\System Volume Information\SPP\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\System Volume Information\SPP\OnlineMetadataCache\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\Winre.wim
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\Winre.wim.btsrodv
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\boot.sdi.btsrodv
binary
MD5: 030c12bba4f1d492a5539fa155ad80a8
SHA256: de59b7618269f8b8d06c3a7475b10a034a86e4982ae9e37d0180be2debe8bc9f
2568
file.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\boot.sdi
––
MD5:  ––
SHA256:  ––
2568
file.exe
C:\Recovery\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\PerfLogs\Admin\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\PerfLogs\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Program Files\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568
file.exe
C:\Users\BTSRODV-MANUAL.txt
text
MD5: 42ade2535ac685bacd24ab722f1d212a
SHA256: f792bbff2f831bbc240757b109ae5dfb71e1dcd67c3eb4867e7494d84da54d4f
2568